5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa

Analysis

max time kernel
150s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
07-02-2025 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
Size

2.0MB
MD5

7577b4bdca66f43383cc9cacc4c07565
SHA1

658984d41ab5aa57085e7c3b700f8451e49dfd93
SHA256

5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa
SHA512

985635a99dd9ceffb3fcaf07398fd5cd778e1cd6212e0d719075879bde2a0188c09786a883ce3e5eaa6ba38ecda127869d752ef57b3a405a55bd015cb0ba3a85
SSDEEP

49152:AVImnP3ObryxvZcaS39o1LsWO4iaXT5XeM1R:A8OOaS36D5r1R

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
Token: SeDebugPrivilege	3396	5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
Token: SeDebugPrivilege	1416	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	4700	MicrosoftEdgeUpdate.exe

C:\Users\Admin\AppData\Local\Temp\5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe
"C:\Users\Admin\AppData\Local\Temp\5583d1e87bc2f683f2279cd24a1c44e60aea6de82a4c01084e4974aa3f99a4fa.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3396

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1416

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
394KB

MD5
b3a4f1ae5e728cb3b6ff36ce5eb19fb2

SHA1
6f664f07de0db5fdd5df03661966af8cb42caa14

SHA256
14e11c33d76104f44b7c1b94294bd6843df5ebf6b066b13733e1b5fc236daee8

SHA512
8b3623ea3caec4e53ad8c26ae33c26e8d8218728e641a554c24a7b33ec95000d78f2833d155cb75ccdf76b1ad98db226a8614c9b2794cb2fec032cfad198e61e

Download Submit
memory/3396-8-0x000001FD616C0000-0x000001FD616F8000-memory.dmp

Filesize
224KB

Download
memory/3396-9-0x000001FD61690000-0x000001FD6169E000-memory.dmp

Filesize
56KB

Download
memory/3396-3-0x00007FFBA9D70000-0x00007FFBAA831000-memory.dmp

Filesize
10.8MB

Download
memory/3396-4-0x00007FFBA9D70000-0x00007FFBAA831000-memory.dmp

Filesize
10.8MB

Download
memory/3396-5-0x00007FFBA9D70000-0x00007FFBAA831000-memory.dmp

Filesize
10.8MB

Download
memory/3396-6-0x000001FD61640000-0x000001FD61648000-memory.dmp

Filesize
32KB

Download
memory/3396-2-0x00007FFBA9D70000-0x00007FFBAA831000-memory.dmp

Filesize
10.8MB

Download
memory/3396-0-0x00007FFBA9D73000-0x00007FFBA9D75000-memory.dmp

Filesize
8KB

Download
memory/3396-7-0x00007FFBA9D70000-0x00007FFBAA831000-memory.dmp

Filesize
10.8MB

Download
memory/3396-22-0x00007FFBA9D70000-0x00007FFBAA831000-memory.dmp

Filesize
10.8MB

Download
memory/3396-23-0x00007FFBA9D73000-0x00007FFBA9D75000-memory.dmp

Filesize
8KB

Download
memory/3396-24-0x00007FFBA9D70000-0x00007FFBAA831000-memory.dmp

Filesize
10.8MB

Download
memory/3396-25-0x00007FFBA9D70000-0x00007FFBAA831000-memory.dmp

Filesize
10.8MB

Download
memory/3396-26-0x00007FFBA9D70000-0x00007FFBAA831000-memory.dmp

Filesize
10.8MB

Download
memory/3396-1-0x000001FD43300000-0x000001FD43334000-memory.dmp

Filesize
208KB

Download