b86bcee73c65b50d5a86976c855aca8ebe7542f7fb983ea7b6c9ef5b69456d18

Analysis

max time kernel
129s
max time network
138s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
27-07-2024 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Battlefield 2/NavMesh/ObjectTest.exe
Size

16KB
MD5

36e426b4225a957f76d4dd33933041ab
SHA1

4917a1e65408632c56c6bf6394b5f4632e6b1292
SHA256

c3ccf2100796145eabdc3eb521c0f277b6251ddd3572f43d40d625e92455bb8e
SHA512

d63fd1029f9b6e5f450d072adeff2434d1f12262757127861546237a59a4fa67c75088b955dab87dd1b2162f32b93e484f760bea94627202488fa64c343800e1
SSDEEP

192:SFOvDD21VkZFaGKapWs6seMjrFPcD7rNoynuI:YOGPkZFaTaor7ErFPcD7BMI

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

ObjectTest.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ObjectTest.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ObjectTest.exe

C:\Users\Admin\AppData\Local\Temp\Battlefield 2\NavMesh\ObjectTest.exe
"C:\Users\Admin\AppData\Local\Temp\Battlefield 2\NavMesh\ObjectTest.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1460-0-0x00000000009C0000-0x0000000000A3D000-memory.dmp

Filesize
500KB

Download
memory/1460-2-0x0000000000A40000-0x0000000000B1A000-memory.dmp

Filesize
872KB

Download
memory/1460-3-0x00000000009C0000-0x0000000000A3D000-memory.dmp

Filesize
500KB

Download
memory/1460-1-0x00000000001C0000-0x00000000001CB000-memory.dmp

Filesize
44KB

Download