8056b8ff55c452cc87e35d69928cccbcfc5af848db1abb4fe0364510986e068b

Analysis

max time kernel
1800s
max time network
1152s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19/11/2024, 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

122KB
MD5

8eb22cbbaacb740bddf7ce1ff8eea868
SHA1

61f7f4f1afb130ede47859835eb05de10fb31b5f
SHA256

c1757c37d186b1b9868e0b92025d073ef0347adf2059163d9dfd26ec94258023
SHA512

823dd678f1a3379cd661f1ded120636caf9e7ecb1b6c411e7bf8176459c7866fb1aeea6cc7de048a5cf71c480816fe84c6a89801a30db164954d42e503e2a2f9
SSDEEP

1536:m9hZUWhR0wtIBXmzQXNxL9EkA9Lc5aOfNil1PJ4ahhC:8hyfwKBWzQBREOFq1DvC

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1028	SpaceSniffer.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SpaceSniffer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeBackupPrivilege	1028	SpaceSniffer.exe

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
PID:4460
- C:\Users\Admin\AppData\Local\CiscoSoftware\SpaceSniffer.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CiscoSoftware\SpaceSniffer.exe

Filesize
2.2MB

MD5
b310e7335eae66a533e985b377e81612

SHA1
c89d16c2d7df9e44ee4faa44a54b70ec39b9178a

SHA256
fc0629d450f8a57bc93e1ba1cdef0bff49c1a4cf0725c2a1f52116fd67d9fe8e

SHA512
29f3b7f39ca468defd3406bb872d0d9fbba1162f0662b6cce507f0d15ddc8f26db1b4b5a1e635323e1bbb1786d3ff98cfddf2ddbe5e793159effdea6e0634097

Download Submit
C:\Users\Admin\AppData\Local\CiscoSoftware\SpaceSnifferConfig.xml

Filesize
5KB

MD5
c3c4affe0b6350d9ced35f3a0e013710

SHA1
f20a87354494d915a025d246f914d122e980bb92

SHA256
19bc549a69c6e831f1f1a1e604e3471112a12c44e2b6b31f84708a6b8f439124

SHA512
30d8252bc4cd00efb955f6fb00187b6748597bd89accde400e1bf40e538b23c58238dff4b32a4e40fc68bea5f7fab5b1b0c6dbb2966df0bcf6eda8c7abc0c6de

Download Submit
memory/1028-14-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/1028-17-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/1028-16-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-20-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-22-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-25-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-28-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-30-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-33-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-36-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-38-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-41-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-43-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-46-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-49-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-51-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-54-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-56-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-59-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-62-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-64-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-67-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-70-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-72-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-75-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-77-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-80-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-83-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-85-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-88-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-90-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-93-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-96-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-98-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-101-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-104-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-106-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-109-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-111-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-114-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-117-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-119-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-122-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-124-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-127-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-130-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-132-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-135-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-137-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-140-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-143-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-145-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-148-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-151-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-153-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-156-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-158-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-161-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-164-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-166-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-169-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-171-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-174-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-177-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/1028-179-0x0000000000400000-0x000000000066C000-memory.dmp

Filesize
2.4MB

Download
memory/4460-15-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download