Analysis
max time kernel: 11s
max time network: 0s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 28/03/2025, 13:09
Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: 1.exe
Resource: win7-20240903-en
3 signatures
150 seconds
General
Target: 1.exe
Size: 706KB
MD5: cea36ea3da046afb6dec951b751bee61
SHA1: a27bcfa338e14b3d57b8756a1c46a9ff6db3981d
SHA256: eb4dde3a53673d0bb16c5d4c80cd8a17128976badd6ff2aa5010364c42e1091f
SHA512: a4b31771f96f1452d3876ec42296a248897c7b0bc641e392ab4a3fd89c1c0549bebeeb13bf07238ff74665ef27fb5afab69b51bc95c8e3904c8d855a2fcf7946
SSDEEP: 12288:Le0Lq+QD96jt6dFlCQcxBc1Jp7psZ1TN3Br8OQpE3G5WkFJsUP8H7m:q0LhQPQvoKZa
Score: 3/10
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 1.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid: 2800
Process: 1.exe
(the same pid and process are listed for every IoC)
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description: Token: SeDebugPrivilege
pid: 2800
Process: 1.exe