Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 05:12

General

  • Target

    a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe

  • Size

    1.2MB

  • MD5

    ac6323cfb95cc48955949b4d2e7f91a5

  • SHA1

    525a7271bef3988185b4f2be7d797b2dfab8bcd0

  • SHA256

    a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac

  • SHA512

    34bc32f1e5c578a4b0e438311828d390ba6b657aafc018294a22db16697e5313693cce40996cfb31d55eb5f25e0713f835b1933620b1f23b0ea5732e7518e9df

  • SSDEEP

    24576:W2hVX3mzctl0cJQEcUKs9MjemJ5gx1wj7h0lhSMXl54Tud:9TX3yctl0E1Ks+egCx+jKp4T6

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe
    "C:\Users\Admin\AppData\Local\Temp\a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads