Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/01/2025, 11:05

General

  • Target

    a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe

  • Size

    306KB

  • MD5

    1481ff174e43122b240c1183e26c1fd1

  • SHA1

    8089cbcf55182f5d5a9426325e080020b2493f7c

  • SHA256

    a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc90a42053d454cfc671c7

  • SHA512

    c5f25e8b26342c933bde72685547ff347d94ef00f69fc66a3ed21e5df7f3add314a827b88071d431bfa71340cce74f6a1e33b41402b06f1e0868a1b3c7801f68

  • SSDEEP

    6144:5eMIFObW3MII7uCLrKdDeISzOau+7ntkrcvEmG4ioNNtjcBdb7iImq3I4:nI/B0ogwKgmTioNNtgj7C4

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 2 IoCs
  • System Location Discovery: System Language Discovery (ATT&CK T1614.001) 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe
    "C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2596
    • C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe
      C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe
      2⤵
      PID:1884
    • C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe
      C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe
      2⤵
      PID:2776
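The process tree above shows the shape analysts look for when a sample carries the WriteProcessMemory and SetThreadContext signatures: the parent (PID 2596) spawns two children from its own image, which is consistent with the parent writing a payload into a suspended copy of itself and redirecting the child's thread. The following is an added example, not part of the sandbox report or the sample, that encodes that heuristic over the report's data. The PIDs, image path and signature names are transcribed from the report; the `Proc` structure, the `HOLLOW_APIS` set and the function names are assumptions made for the example. It generalises slightly beyond this report by also labelling the case where the child is a different image, which is the more common hollowing target.

```python
"""Added example (not the report's or the sample's code): flag process-injection
candidates from a sandbox process tree plus per-process API signatures."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Proc:
    pid: int
    image: str
    parent: Optional[int]
    signatures: frozenset = frozenset()  # signature names attributed to this process

# Transcribed from the report: one parent with four signatures, two children
# launched from the same image with no signatures of their own.
IMG = r"C:\Users\Admin\AppData\Local\Temp\a5b4e1ca469fbdbbb9ce84ad653dcb94b5c0d6069bdc9.exe"
REPORT: List[Proc] = [
    Proc(2596, IMG, None, frozenset({
        "SetThreadContext", "System Language Discovery",
        "AdjustPrivilegeToken", "WriteProcessMemory"})),
    Proc(1884, IMG, 2596),
    Proc(2776, IMG, 2596),
]

# A parent needs both of these to overwrite a child's memory and then point
# the child's initial thread at the injected code (assumption: signature
# names match the report's wording without the "Suspicious use of" prefix).
HOLLOW_APIS = frozenset({"WriteProcessMemory", "SetThreadContext"})

def find_injection_candidates(procs: List[Proc]) -> List[Tuple[int, int, str]]:
    """Return (parent_pid, child_pid, kind) for every child whose parent carries
    both hollowing APIs. kind is "self-image" when the child runs the parent's
    own executable (the pattern in this report), otherwise "other-image"."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for child in procs:
        parent = by_pid.get(child.parent) if child.parent is not None else None
        if parent is None or not HOLLOW_APIS <= parent.signatures:
            continue
        same = parent.image.lower() == child.image.lower()
        hits.append((parent.pid, child.pid, "self-image" if same else "other-image"))
    return hits

if __name__ == "__main__":
    for parent_pid, child_pid, kind in find_injection_candidates(REPORT):
        print(f"injection candidate ({kind}): {parent_pid} -> {child_pid}")
```

Caveat: the report attributes the API use to the parent but does not say which child was the target, so the heuristic flags every child of such a parent; the memory dumps under Downloads are the place to confirm which child actually received a payload.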

Network

Downloads

  • memory/2596-0-0x00000000746AE000-0x00000000746AF000-memory.dmp

    Filesize

    4KB

  • memory/2596-1-0x0000000000210000-0x0000000000262000-memory.dmp

    Filesize

    328KB
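The dump names above encode the owning PID, a sequence index and the dumped address range, so the listed Filesize can be checked against the range without downloading anything. The following is an added example, not part of the report, that parses that naming scheme and verifies the two entries; the two names and sizes are transcribed from the report, and the regular expression and function names are assumptions about the format made for the example.

```python
"""Added example (not the report's code): parse sandbox memory-dump names of the
form memory/<pid>-<idx>-0x<start>-0x<end>-memory.dmp and check the range size."""
import re
from typing import Dict, List, Optional, Tuple

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")

PAGE = 0x1000  # x86/x64 page size; dump ranges are expected to be page aligned

def parse_dump_name(name: str) -> Optional[Dict[str, int]]:
    """Return pid, index, start, end and size in bytes, or None if the name does
    not follow the scheme or the range is empty/inverted."""
    m = DUMP_RE.match(name)
    if m is None:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        return None
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start,
            "page_aligned": int(start % PAGE == 0 and end % PAGE == 0)}

def size_matches(name: str, reported_kb: int) -> bool:
    """True when the address range equals the Filesize the report shows (KiB)."""
    info = parse_dump_name(name)
    return info is not None and info["size"] == reported_kb * 1024

# Transcribed from the report's Downloads section.
DUMPS: List[Tuple[str, int]] = [
    ("memory/2596-0-0x00000000746AE000-0x00000000746AF000-memory.dmp", 4),
    ("memory/2596-1-0x0000000000210000-0x0000000000262000-memory.dmp", 328),
]

def check_all(dumps: List[Tuple[str, int]]) -> List[Tuple[str, bool]]:
    """Pair every dump name with whether its range matches the reported size."""
    return [(name, size_matches(name, kb)) for name, kb in dumps]

if __name__ == "__main__":
    for name, ok in check_all(DUMPS):
        info = parse_dump_name(name)
        print(f"{'OK ' if ok else 'BAD'} pid={info['pid']} size=0x{info['size']:x} {name}")
```

Both entries belong to the parent PID 2596; the 328KB region at 0x210000 is the one worth opening first, since it is the only dump large enough to hold an unpacked copy of a 306KB executable.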