Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-11-2024 01:35
Static task: static1
Behavioral task: behavioral1
  Sample: 05afdc2e75e4465231687a7de5535bb7da7fcba6d98c03c45c94411cf26a4067.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 05afdc2e75e4465231687a7de5535bb7da7fcba6d98c03c45c94411cf26a4067.exe
  Resource: win10v2004-20241007-en
General
Target: 05afdc2e75e4465231687a7de5535bb7da7fcba6d98c03c45c94411cf26a4067.exe
Size: 11.0MB
MD5: 1762716889c3daa031df4240ad5e2db5
SHA1: 48d05ca39525e3a6c160141cb6e32f3b7b06e323
SHA256: 05afdc2e75e4465231687a7de5535bb7da7fcba6d98c03c45c94411cf26a4067
SHA512: 7804672ec6ac14b8009a1f768c9f12c06dad9a70eaa8cec2dc610caafb72d642ce04f093decfb2141ef77b19d7a9e99d35efcf06385d23e734a746bcbcaf4de4
SSDEEP: 196608:3n59HUwkhzvnda0PXUhM7Ao0G+wGLF8bhJrvRKpM7sjX3d38FLOyomFHKnPn:XvBkx/mY7+Be1JlNsjX3d38Fa
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Process: 05afdc2e75e4465231687a7de5535bb7da7fcba6d98c03c45c94411cf26a4067.exe (PID 4912)
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  IoC: key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language by process 05afdc2e75e4465231687a7de5535bb7da7fcba6d98c03c45c94411cf26a4067.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Token: SeDebugPrivilege, PID 4912, process 05afdc2e75e4465231687a7de5535bb7da7fcba6d98c03c45c94411cf26a4067.exe
  Token: SeRestorePrivilege, PID 4912, process 05afdc2e75e4465231687a7de5535bb7da7fcba6d98c03c45c94411cf26a4067.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  All six IoCs from PID 4912, process 05afdc2e75e4465231687a7de5535bb7da7fcba6d98c03c45c94411cf26a4067.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\05afdc2e75e4465231687a7de5535bb7da7fcba6d98c03c45c94411cf26a4067.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\05afdc2e75e4465231687a7de5535bb7da7fcba6d98c03c45c94411cf26a4067.exe"
   PID: 4912
   - Loads dropped DLL
   - System Location Discovery: System Language Discovery
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1.1MB
  MD5: e7ae42ea24cff97bdead0c560ef2add1
  SHA1: 866f380a62622ab1b6c7705ddc116635e6e3cc86
  SHA256: db2897eeea65401ee1bd8feeebd0dbae8867a27ff4575f12b0b8a613444a5ef7
  SHA512: a4a27b2be70e9102d95ee319ec365b0dc434d4e8cd25589ce8a75b73bbe4f06b071caa907c7a61387b2ce6a35a70873593564499b88598f77a7c25c47448fb0a