Analysis
max time kernel: 119s
max time network: 124s
platform: windows7_x64
resource: win7-20241023-en
resource tags: arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
submitted: 27/01/2025, 11:05
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe
Resource
win7-20241023-en
4 signatures
150 seconds
General
Target: a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe
Size: 306KB
MD5: 1481ff174e43122b240c1183e26c1fd1
SHA1: 8089cbcf55182f5d5a9426325e080020b2493f7c
SHA256: a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc90a42053d454cfc671c7
SHA512: c5f25e8b26342c933bde72685547ff347d94ef00f69fc66a3ed21e5df7f3add314a827b88071d431bfa71340cce74f6a1e33b41402b06f1e0868a1b3c7801f68
SSDEEP: 6144:5eMIFObW3MII7uCLrKdDeISzOau+7ntkrcvEmG4ioNNtjcBdb7iImq3I4:nI/B0ogwKgmTioNNtgj7C4
Score
5/10
Malware Config
Signatures
-
Suspicious use of SetThreadContext (2 IoCs)
description                          pid   Process                                            procid_target
PID 2596 set thread context of 1884  2596  a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe  30
PID 2596 set thread context of 2776  2596  a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe  31
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
description  ioc                                                        Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
description              pid   Process
Token: SeDebugPrivilege  2596  a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe
Suspicious use of WriteProcessMemory (20 IoCs)
description                       pid   Process                                            procid_target  events
PID 2596 wrote to memory of 1884  2596  a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe  30             10
PID 2596 wrote to memory of 2776  2596  a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe  31             10
Processes
-
C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe (PID 2596)
  command line: "C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe"
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe (PID 1884, child of 2596)
    command line: C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe
  C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe (PID 2776, child of 2596)
    command line: C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe
-
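The four signatures and the process tree fit together: PID 2596 enables SeDebugPrivilege, starts two children from its own image (1884 and 2776), writes into each of them ten times and then replaces a thread context in each. That sequence is the shape of RunPE-style process hollowing, but the report shows neither a suspended CreateProcess nor a ResumeThread, so the 5/10 score reflects a suspicious pattern rather than a confirmed payload. The following is an added example and not part of the Triage report: a Python correlation that rebuilds the process table from event records constructed by hand from the rows above and flags every actor/target pair that shows both WriteProcessMemory and SetThreadContext. The event schema (event, pid, ppid, image, target_pid, privilege) and the dbg.exe/target.exe control case are assumptions made for illustration, not a real Triage export format.

```python
"""Correlate process events into a hollowing-style injection finding.

Added example, not part of the Triage report. The event records below are
constructed by hand from the report's signature rows and process tree; the
schema (event, pid, ppid, image, target_pid, privilege) is an assumption for
illustration, not a real Triage export format.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Image path taken from the report's process tree.
IMAGE = r"C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe"


@dataclass
class Process:
    pid: int
    ppid: Optional[int]
    image: str
    writes: Set[int] = field(default_factory=set)      # WriteProcessMemory targets
    ctx_sets: Set[int] = field(default_factory=set)    # SetThreadContext targets
    privileges: Set[str] = field(default_factory=set)  # privileges enabled on own token


# Constructed log: parent 2596 spawns two children of its own image, writes
# into each ten times and replaces a thread context in each, as the report's
# IoC rows describe. PIDs 3000/3001 are an invented control case: a
# debugger-like process that sets a thread context without writing memory.
EVENTS: List[dict] = [
    {"event": "process_start", "pid": 2596, "ppid": None, "image": IMAGE},
    {"event": "adjust_token", "pid": 2596, "privilege": "SeDebugPrivilege"},
    {"event": "process_start", "pid": 1884, "ppid": 2596, "image": IMAGE},
    *[{"event": "write_process_memory", "pid": 2596, "target_pid": 1884} for _ in range(10)],
    {"event": "set_thread_context", "pid": 2596, "target_pid": 1884},
    {"event": "process_start", "pid": 2776, "ppid": 2596, "image": IMAGE},
    *[{"event": "write_process_memory", "pid": 2596, "target_pid": 2776} for _ in range(10)],
    {"event": "set_thread_context", "pid": 2596, "target_pid": 2776},
    {"event": "process_start", "pid": 3000, "ppid": None, "image": r"C:\Tools\dbg.exe"},
    {"event": "process_start", "pid": 3001, "ppid": 3000, "image": r"C:\Tools\target.exe"},
    {"event": "set_thread_context", "pid": 3000, "target_pid": 3001},
]


def build_process_table(events: List[dict]) -> Dict[int, Process]:
    """Fold the event stream into one Process record per pid (actor view)."""
    procs: Dict[int, Process] = {}
    for ev in events:
        kind = ev["event"]
        if kind == "process_start":
            procs[ev["pid"]] = Process(ev["pid"], ev["ppid"], ev["image"])
            continue
        # Events for a pid whose start was never seen are still attributed to it.
        actor = procs.setdefault(ev["pid"], Process(ev["pid"], None, "<unknown>"))
        if kind == "write_process_memory":
            actor.writes.add(ev["target_pid"])
        elif kind == "set_thread_context":
            actor.ctx_sets.add(ev["target_pid"])
        elif kind == "adjust_token":
            actor.privileges.add(ev["privilege"])
    return procs


def find_hollowing_candidates(procs: Dict[int, Process]) -> List[Tuple[int, int, List[str]]]:
    """Flag every (actor, target) pair where the actor both wrote into the
    target and replaced one of its thread contexts. That pair is the core of
    the RunPE / process-hollowing pattern; the remaining checks only add
    supporting evidence so an analyst can rank the hit."""
    findings: List[Tuple[int, int, List[str]]] = []
    for actor in procs.values():
        for target_pid in sorted(actor.writes & actor.ctx_sets):
            reasons = ["WriteProcessMemory into target", "SetThreadContext on target"]
            target = procs.get(target_pid)
            if target is not None and target.ppid == actor.pid:
                reasons.append("target is a child of the actor")
            if target is not None and target.image.lower() == actor.image.lower():
                reasons.append("target runs the same image as the actor")
            if "SeDebugPrivilege" in actor.privileges:
                reasons.append("actor enabled SeDebugPrivilege")
            findings.append((actor.pid, target_pid, reasons))
    return findings


if __name__ == "__main__":
    for actor_pid, target_pid, reasons in find_hollowing_candidates(build_process_table(EVENTS)):
        print(f"pid {actor_pid} -> pid {target_pid}: " + "; ".join(reasons))
```

Run as-is, the script reports the two 2596-to-child pairs with all five reasons and stays silent on the dbg.exe control, because SetThreadContext alone (a debugger, a thread-suspend/resume tool) is not enough; it is the write-then-redirect combination that matters. In a real pipeline the same intersection can be fed from Sysmon or ETW process-access events, and the same-image parent/child check is worth keeping as a ranking signal, since legitimate software rarely re-launches its own executable only to overwrite it.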