7c81c35dd3a587ceca2ec3fb0e266de3f3c9085d557bd0900847590f714c0b8e

Analysis

max time kernel
140s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
31-07-2024 23:53

Target

sample1.exe
Size

3.0MB
MD5

feb34584dab15ee2b93405ed12747bed
SHA1

b8e382d5bd00bbeed0541588fc0d840ec1d9ef3c
SHA256

7c81c35dd3a587ceca2ec3fb0e266de3f3c9085d557bd0900847590f714c0b8e
SHA512

e474af31482a950c5673ebab9b4581a23b0780ff948a4291c6b6dbc87794d2c5b52c71c2d75c397bcd7b82dcd580b9634e7282f0230aa71d77c9ff15e2635791
SSDEEP

49152:ILFL0NxianRXZYrkHXFLYgiJiITRf+EGg7dUPtaX5cTQ6k1NJO:0xwkaRXDVLLNPZT6g

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

sample1.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sample1.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sample1.exe

C:\Users\Admin\AppData\Local\Temp\sample1.exe
"C:\Users\Admin\AppData\Local\Temp\sample1.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4996

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance