Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
03-12-2024 02:19
General
-
Target
All-In-One.exe
-
Size
5.1MB
-
MD5
a48e3197ab0f64c4684f0828f742165c
-
SHA1
f935c3d6f9601c795f2211e34b3778fad14442b4
-
SHA256
baecc747370a4c396ef5403a3a2b286465d8fe4677bf1bfd23b8164ef5c22bbb
-
SHA512
e0b0b73c39850a30aac89f84f721c79f863612f596d6ff3df0860a9faf743a81364656773c99708e9c0656c74b6a278b6bf7e648f7ff1b9080f9a21e10515a59
-
SSDEEP
98304:Vhphy6SpVKfHLZlIPxxme7wltblhyATyK5lzalYQ:jPErMsPx+tblhyQalYQ
Score
10/10
Malware Config
Signatures
-
XenArmor Suite
XenArmor is as suite of password recovery tools for various application.
-
Xenarmor family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\All-In-One.exe"C:\Users\Admin\AppData\Local\Temp\All-In-One.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx