Analysis
max time kernel: 7s
max time network: 2s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 30/03/2025, 19:58
Static task: static1
Behavioral task: behavioral1
Sample: debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe
Resource: win7-20240729-en
General
Target: debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe
Size: 1.1MB
MD5: c998e3a86713accbfb925c5e57b3df50
SHA1: c378fe324c825a97c80a252512f546bac9ed56a5
SHA256: debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99
SHA512: e8e91874628c51f2ef0d28e464290b3dd2de07ee0fc9c92b9b084f5378cd6eeffe960f6fc1ebc27f5f13e9931845d8c447769f5a65d31926aa9ec48d831d4c1c
SSDEEP: 12288:Vp+rgRNyA55IxJ+feDOa9rZj5XqkJD0QrOod7XxlW91RRzwAY3Aks1:VpugRNJI1D39dlfGQrFUxwAeAks1
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid / Process:
2680 debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe
2680 debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe
2680 debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe
2680 debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe
2680 debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe
2680 debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
description: Token: SeDebugPrivilege
pid: 2680
Process: debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\debe72116b9c78adf0bedd9ccdf4251146a51d090312d88286d5de81ea48ae99.exe"
   PID: 2680
   - System Location Discovery: System Language Discovery
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken