Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
15-11-2024 20:16
Behavioral task
behavioral1
Sample
1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be.exe
Resource
win10v2004-20241007-en
General
-
Target
1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be.exe
-
Size
6.9MB
-
MD5
32239cf8ee32f98a3c0a9e3349dd634e
-
SHA1
9a76d6a82b1aa47b33713bcde6d41abe3f29dbf2
-
SHA256
1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be
-
SHA512
b67c15b81638a8163f9af11c1291aad249868eb9f4b9ce663a0e2741a0057c1b4557e505b7bb87fcd4d6ba1c5082ba0adb4730ae8fe608647066c502c3fc35b6
-
SSDEEP
98304:/Qv1/G7ec05ABjE40JpJRD5VECf2w3L2vuQ:Iv9GCdHzV9O8L2F
Malware Config
Signatures
-
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\system32\PsExec64.exe 1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2404 1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be.exe"C:\Users\Admin\AppData\Local\Temp\1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be.exe"1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2404