10da2c5273fb00ec2fd9acdf7e9dbe31ec1408ba07b6374c7416243f4a69ff63

Analysis

max time kernel
149s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SimpleHK.exe
Size

2.7MB
MD5

b8cc9e4b4f91daa9b14d2c8a3da80832
SHA1

57f9b6b3a1a56028131f325c0d4f4ca2044bbafb
SHA256

52477fd940ee683c155b22ff5af946f8365827b3ab7ad578e8b71868706de179
SHA512

d357cdee68f094658bbd131a6bd8f3c6ba5e30144054d66a69f6f5b9cd3911dd90b9b538c19b59fa00fbd4d77645048e2a36cadca721937b0b06839042a1909b
SSDEEP

49152:GkxOm+7TjsPnztyDMMaskz67HONlx30fb0pXSbey3a7V1ruPP2D5RRnV+r0:GJotyD0z67Q330TWB7V1uPY5Rl

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\InstallLanguage	SimpleHK.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language	SimpleHK.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1708	SimpleHK.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe
1708	SimpleHK.exe

C:\Users\Admin\AppData\Local\Temp\SimpleHK.exe
"C:\Users\Admin\AppData\Local\Temp\SimpleHK.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\simple_hotkey_list_new.kjb

Filesize
576B

MD5
13ba4726c50dab18f7494d1428794b06

SHA1
cb2634d2084669ae17700922158230d2de31d2b7

SHA256
732a085770301c2b2dd336f8308d88e594caffba688d6495ad93eccff0d36f5f

SHA512
c68d747fb85300ed625b7e8be08110edf3288425eb35eb160f95ef8e9f612b3c8a61f44c9abf322ec8da899e8e3aaabb63c4fe5859580ca1de5f3ed4edd3b742

Download Submit
memory/1708-1-0x00000213A2EB0000-0x00000213A2EB1000-memory.dmp

Filesize
4KB

Download
memory/1708-48-0x00000213A2A10000-0x00000213A2A11000-memory.dmp

Filesize
4KB

Download
memory/1708-50-0x00000213A2EB0000-0x00000213A2EB1000-memory.dmp

Filesize
4KB

Download