fc4fec44ccf08b41c96e2780a18573a05858cad5a500b2da55e84cfc86c89a0d

Analysis

max time kernel
179s
max time network
182s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-11-2024 22:46

Target

2082-1220- SEGUNDA INSTANCIA No. 7590-2024.exe
Size

5.2MB
MD5

8cb9e46a08c436f772738ad5708a8ec5
SHA1

d7672934e1ec81f3f1d1e59a06556b641e97c69a
SHA256

1f12c1cbc308e400ba5eca71443f8dc41162be0c0a59afd60a04cc6bb7705f5d
SHA512

b001d3a78006b4d45e1041939ac0ea940db3de886e5fb68defe40e2466bd5b94b8da213ac48ead29054de5001ba7cc89bdd3dab85acf4367a14551e158d0e90a
SSDEEP

98304:vLfK1AYizQPQo006Jr2qenjIsQZdZK/++cy5u7rwIGPZr:ri8QIo05gnjIsMu2bdrwIGPZr

Score

6^/10

discovery

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

Processes:

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

2082-1220- SEGUNDA INSTANCIA No. 7590-2024.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2082-1220- SEGUNDA INSTANCIA No. 7590-2024.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

2082-1220- SEGUNDA INSTANCIA No. 7590-2024.exe

description pid process

Token: SeDebugPrivilege 2664 2082-1220- SEGUNDA INSTANCIA No. 7590-2024.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2082-1220- SEGUNDA INSTANCIA No. 7590-2024.exe

description	pid	process
Token: SeDebugPrivilege	2664	2082-1220- SEGUNDA INSTANCIA No. 7590-2024.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

memory/2664-0-0x00000000742AE000-0x00000000742AF000-memory.dmp

Filesize
4KB

Download
memory/2664-1-0x0000000000140000-0x000000000067A000-memory.dmp

Filesize
5.2MB

Download
memory/2664-2-0x00000000742A0000-0x000000007498E000-memory.dmp

Filesize
6.9MB

Download
memory/2664-3-0x00000000742AE000-0x00000000742AF000-memory.dmp

Filesize
4KB

Download
memory/2664-4-0x00000000742A0000-0x000000007498E000-memory.dmp

Filesize
6.9MB

Download