9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-12-2024 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Whatsapp-GUI.exe
Size

278KB
MD5

8c3ef2eba970f543f0ebe6dced908402
SHA1

431157eaf15244e5d8cc167511b4611f4dfae85c
SHA256

9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02
SHA512

fd0e2b2539ad4a0d587ba0059653d82e2bf4aadf37ca5a097b60fc0658aa1b3850bb589ee1cc0d5c39bfc574beaa4d56eea6a32f57407bfee21b2f306c737680
SSDEEP

3072:FUbtVKuFEC34/8yBV+VKuFJC34GtmANWJ/j3:FUb/KVKq8NKmKntZWJT

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Whatsapp-GUI.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2260	Whatsapp-GUI.exe

C:\Users\Admin\AppData\Local\Temp\Whatsapp-GUI.exe
"C:\Users\Admin\AppData\Local\Temp\Whatsapp-GUI.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2260-0-0x00000000740FE000-0x00000000740FF000-memory.dmp

Filesize
4KB

Download
memory/2260-1-0x0000000001260000-0x00000000012A8000-memory.dmp

Filesize
288KB

Download
memory/2260-2-0x00000000740F0000-0x00000000747DE000-memory.dmp

Filesize
6.9MB

Download
memory/2260-3-0x00000000740F0000-0x00000000747DE000-memory.dmp

Filesize
6.9MB

Download
memory/2260-4-0x00000000740F0000-0x00000000747DE000-memory.dmp

Filesize
6.9MB

Download