Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
20-11-2024 11:39
Static task
static1
Behavioral task
behavioral1
Sample
964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exe
Resource
win10v2004-20241007-en
General
-
Target
964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exe
-
Size
96KB
-
MD5
0c97800219b1c9fd4551200529ac977a
-
SHA1
b4f7a636ba5391abcfc69649f0be1ce4151a8ae3
-
SHA256
964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617
-
SHA512
f3f1c6566d0ae8fbfec45fa3957a931b3f7a4e6a8f657fbe194ab95e33ba1a683096d91a95c18486cd1bdcc1d6d20f73de1a06a4e48ab463d5371405ae2f1e92
-
SSDEEP
1536:C/sBaIs0SF9PhCaeBzfqpVwotboHsTPmQtWgfnre6tgiPZqWSunF:eaaCzf+VBtbJT7t7fnTZqTuF
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exedescription pid process Token: SeDebugPrivilege 2848 964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exe"C:\Users\Admin\AppData\Local\Temp\964958fa1f6ca768efdbb1faa89afb2a2e88119759af4df9ec6eec6bddb51617.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2848