8bd044794ba9f5745a0145ae7a4c31ef259087faec55d240af9f2901f292371b

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20241119 Vietcombank - Xác nhận thanh toán.pdf.exe
Size

6KB
MD5

8e6b9581bb62de86eff64e173d6b2783
SHA1

50ef6a10229230c3921a5367e2ff78bd6811713a
SHA256

0d450b54c9d69b73601a2f82fb0d41eac324b6efc1462401cce8be64080bec4c
SHA512

701dbe96d88c8c4e759d78aec3344b5aed785180539a5ec2ffaef0d64fbc7e8a0cc593aee5f1c64b307df5cdd73a7d143107b6bc8f681b0dc5aff1a32b9ead64
SSDEEP

96:bo5v9wSZf13tOrR8aMaiVu+ZsR4dXwaMH+URzNt:0vN7MRziu+ZA4dAagpz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	20241119 Vietcombank - Xác nhận thanh toán.pdf.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2840	20241119 Vietcombank - Xác nhận thanh toán.pdf.exe

C:\Users\Admin\AppData\Local\Temp\20241119 Vietcombank - Xác nhận thanh toán.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\20241119 Vietcombank - Xác nhận thanh toán.pdf.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2840-0-0x000000007460E000-0x000000007460F000-memory.dmp

Filesize
4KB

Download
memory/2840-1-0x0000000000D00000-0x0000000000D08000-memory.dmp

Filesize
32KB

Download
memory/2840-2-0x0000000074600000-0x0000000074CEE000-memory.dmp

Filesize
6.9MB

Download
memory/2840-3-0x000000007460E000-0x000000007460F000-memory.dmp

Filesize
4KB

Download
memory/2840-4-0x0000000074600000-0x0000000074CEE000-memory.dmp

Filesize
6.9MB

Download