3990ab6d73f0a92606cb4c86d39e077f014da65413a264be94d03ca8478e64b8

Analysis

max time kernel
103s
max time network
104s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
21/03/2025, 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pisun.exe
Size

54KB
MD5

45140e967970cd63521eaa76dc4db7d7
SHA1

aae8aa4c5fb8e1d5a830f1f095d7550a89b7634a
SHA256

3990ab6d73f0a92606cb4c86d39e077f014da65413a264be94d03ca8478e64b8
SHA512

d8c5274fc1c66700c3fb63527973cb20106070698eebdf90e6b3f9ace371e34a653e382f949683d9aab0cb33fdd00ab2b943e499a4d2d6f42a24822fa2142129
SSDEEP

768:U8I0g652Esltuq55JR2ET3NwJSNbxWQG35bmaePD5PvXOC2XXJdxIEpmvg:U8ZVGtZ5DTCGlWQcGD0LX3xIEpmvg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pisun.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	5568	pisun.exe
Token: 33	5568	pisun.exe
Token: SeIncBasePriorityPrivilege	5568	pisun.exe

C:\Users\Admin\AppData\Local\Temp\pisun.exe
"C:\Users\Admin\AppData\Local\Temp\pisun.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5568-0-0x0000000075452000-0x0000000075453000-memory.dmp

Filesize
4KB

Download
memory/5568-1-0x0000000075450000-0x0000000075A01000-memory.dmp

Filesize
5.7MB

Download
memory/5568-2-0x0000000075450000-0x0000000075A01000-memory.dmp

Filesize
5.7MB

Download
memory/5568-3-0x0000000075452000-0x0000000075453000-memory.dmp

Filesize
4KB

Download
memory/5568-4-0x0000000075450000-0x0000000075A01000-memory.dmp

Filesize
5.7MB

Download
memory/5568-5-0x0000000075450000-0x0000000075A01000-memory.dmp

Filesize
5.7MB

Download
memory/5568-6-0x0000000075450000-0x0000000075A01000-memory.dmp

Filesize
5.7MB

Download
memory/5568-8-0x0000000075450000-0x0000000075A01000-memory.dmp

Filesize
5.7MB

Download