938e8579fcde27de966590c31172ea38861284b95395d3e8f0637ffc5e55f493

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 08:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

938e8579fcde27de966590c31172ea38861284b95395d3e8f0637ffc5e55f493.exe
Size

1.3MB
MD5

fb658c924b3ef89fff5bb5edef3d4b20
SHA1

e026160c94afa898d78feccb66df85e54c175b1e
SHA256

938e8579fcde27de966590c31172ea38861284b95395d3e8f0637ffc5e55f493
SHA512

9352689293d083498abdc2b8db6e2390f7dbf3565cd3961eb49812e417d0b2dada86077a8391222af887f9098422e4a126cdba6ffb8dc396bd78a3207ee55220
SSDEEP

12288:09iB+tGV3VfCfHcqNS0zKepmlDlpVfjp8EizX+AuV27snt5odJMsq:09iBPVg9N9JMlDlfjRiVuVsWt5MJMsq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	938e8579fcde27de966590c31172ea38861284b95395d3e8f0637ffc5e55f493.exe

C:\Users\Admin\AppData\Local\Temp\938e8579fcde27de966590c31172ea38861284b95395d3e8f0637ffc5e55f493.exe
"C:\Users\Admin\AppData\Local\Temp\938e8579fcde27de966590c31172ea38861284b95395d3e8f0637ffc5e55f493.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2388-0-0x0000000000550000-0x00000000005B7000-memory.dmp

Filesize
412KB

Download
memory/2388-8-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download
memory/2388-11-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download
memory/2388-9-0x0000000000550000-0x00000000005B7000-memory.dmp

Filesize
412KB

Download