e47e538386308a37fb61282244baaea75e5fb4366df5267b75b2103a4fec10d8

Analysis

max time kernel
16s
max time network
20s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

External Skin Changer.exe
Size

82KB
MD5

edd9efd079205dd2080e92d6ec7c7b43
SHA1

8c4add5ec1cf5862ab4a1ba8c66737b492011d86
SHA256

e47e538386308a37fb61282244baaea75e5fb4366df5267b75b2103a4fec10d8
SHA512

dd6e1703167a966a643b4a01c4cc9ce0538c66ff093d5d1e66dfb6aa5389e80a700857a88f442bf7a8c78813740a49986d19a45f4cad834e040f5ad095fb089c
SSDEEP

1536:Fc0dr25ITic13VdsFgvTx9MsRCtymT9hZ+i:FjS5Oicu0Tx9BRCtyI9hZ+i

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	External Skin Changer.exe

C:\Users\Admin\AppData\Local\Temp\External Skin Changer.exe
"C:\Users\Admin\AppData\Local\Temp\External Skin Changer.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2968-0-0x0000000000640000-0x000000000066B000-memory.dmp

Filesize
172KB

Download
memory/2968-1-0x0000000000640000-0x000000000066B000-memory.dmp

Filesize
172KB

Download