0d296f9353373783f64441d9ef093ea9e624c1bacd0eb2bd3f650eae2124741d

Analysis

max time kernel
150s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 03:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LEX2.exe
Size

196KB
MD5

25f8e47eeb9294021b5b73ca301020c0
SHA1

2072e2827682c30b4781b7b35a07fbc35f69f3ad
SHA256

99afe0c5ca3d147c492001ac34a1bea8fb44134abcfe4c7228c2e1cf11a59afa
SHA512

ac98896b6f0de6d4c3f25d311aae3467a6da9bffe7c5834a83292534bd8df87f28e7166ad580986721322aa59313c0bfeea8cad863d60a7c727181bf0fca554b
SSDEEP

6144:wihCgS506gI98gWNlPTGQQm6agrdmbF6LF8frGz5o:wDO6oNtTirdsdjso

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LEX2.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe
5008	LEX2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSecurityPrivilege	5008	LEX2.exe
Token: SeDebugPrivilege	5008	LEX2.exe

C:\Users\Admin\AppData\Local\Temp\LEX2.exe
"C:\Users\Admin\AppData\Local\Temp\LEX2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5008-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5008-1-0x00000000021F0000-0x0000000002233000-memory.dmp

Filesize
268KB

Download
memory/5008-5-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/5008-9-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/5008-8-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/5008-12-0x0000000002420000-0x0000000002423000-memory.dmp

Filesize
12KB

Download
memory/5008-11-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/5008-10-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/5008-7-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/5008-6-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/5008-3-0x00000000009E0000-0x00000000009E1000-memory.dmp

Filesize
4KB

Download
memory/5008-2-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/5008-4-0x00000000009D0000-0x00000000009D1000-memory.dmp

Filesize
4KB

Download
memory/5008-14-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/5008-13-0x0000000002410000-0x0000000002417000-memory.dmp

Filesize
28KB

Download
memory/5008-15-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/5008-26-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/5008-25-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/5008-66-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/5008-65-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/5008-64-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/5008-63-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/5008-62-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/5008-61-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download
memory/5008-60-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/5008-59-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/5008-58-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/5008-57-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/5008-56-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/5008-55-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/5008-54-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/5008-53-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/5008-52-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/5008-51-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/5008-50-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/5008-49-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/5008-48-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/5008-47-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/5008-46-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/5008-45-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/5008-44-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/5008-43-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/5008-42-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/5008-41-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/5008-40-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/5008-39-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/5008-38-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/5008-37-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/5008-36-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/5008-35-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/5008-34-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/5008-33-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/5008-32-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/5008-31-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/5008-30-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/5008-29-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/5008-28-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/5008-24-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/5008-23-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/5008-22-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/5008-21-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/5008-20-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/5008-19-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/5008-18-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/5008-17-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/5008-16-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/5008-67-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5008-68-0x00000000021F0000-0x0000000002233000-memory.dmp

Filesize
268KB

Download
memory/5008-69-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5008-70-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5008-71-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5008-72-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5008-73-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5008-74-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5008-78-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5008-79-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download