Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
19-11-2024 05:12
Behavioral task
behavioral1
Sample
a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe
Resource
win10v2004-20241007-en
General
-
Target
a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe
-
Size
1.2MB
-
MD5
ac6323cfb95cc48955949b4d2e7f91a5
-
SHA1
525a7271bef3988185b4f2be7d797b2dfab8bcd0
-
SHA256
a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac
-
SHA512
34bc32f1e5c578a4b0e438311828d390ba6b657aafc018294a22db16697e5313693cce40996cfb31d55eb5f25e0713f835b1933620b1f23b0ea5732e7518e9df
-
SSDEEP
24576:W2hVX3mzctl0cJQEcUKs9MjemJ5gx1wj7h0lhSMXl54Tud:9TX3yctl0E1Ks+egCx+jKp4T6
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exedescription ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Control Panel\International\Geo\Nation a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exedescription pid Process Token: SeDebugPrivilege 2872 a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe Token: SeImpersonatePrivilege 2872 a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe