Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-11-2024 11:39

General

  • Target

    964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exe

  • Size

    96KB

  • MD5

    0c97800219b1c9fd4551200529ac977a

  • SHA1

    b4f7a636ba5391abcfc69649f0be1ce4151a8ae3

  • SHA256

    964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617

  • SHA512

    f3f1c6566d0ae8fbfec45fa3957a931b3f7a4e6a8f657fbe194ab95e33ba1a683096d91a95c18486cd1bdcc1d6d20f73de1a06a4e48ab463d5371405ae2f1e92

  • SSDEEP

    1536:C/sBaIs0SF9PhCaeBzfqpVwotboHsTPmQtWgfnre6tgiPZqWSunF:eaaCzf+VBtbJT7t7fnTZqTuF

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exe
    "C:\Users\Admin\AppData\Local\Temp\964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2848

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2848-0-0x000000007442E000-0x000000007442F000-memory.dmp

    Filesize

    4KB

  • memory/2848-1-0x0000000000B40000-0x0000000000B5E000-memory.dmp

    Filesize

    120KB

  • memory/2848-2-0x0000000074420000-0x0000000074B0E000-memory.dmp

    Filesize

    6.9MB

  • memory/2848-3-0x000000007442E000-0x000000007442F000-memory.dmp

    Filesize

    4KB

  • memory/2848-4-0x0000000074420000-0x0000000074B0E000-memory.dmp

    Filesize

    6.9MB