fe9fdf5ff536a86c6b5ad4f5c16c5edfbbb85ff085c3045e7118fb0a9c5d5315

Analysis

max time kernel
17s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01-08-2024 14:45

Target

zip.exe
Size

296KB
MD5

07ca390d3d80fa9c39018aa7cf3bba93
SHA1

1db3082f22723982d3709cdec921687417fc3ab2
SHA256

fe9fdf5ff536a86c6b5ad4f5c16c5edfbbb85ff085c3045e7118fb0a9c5d5315
SHA512

e5d153bad0bbc71d1a5548f759bb8069f4c26a5555b7e59bb80a6ea4be397955846046c1f208e52e68e2df4e5424390c5b963553477cfeb75408bb45cb852a4a
SSDEEP

6144:+emIWncUsq/i4vo6cRwtf/STC47MSzISIJTc6TDo:bjccjai4vo6cRb+4QScSI74

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

zip.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language zip.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	zip.exe

C:\Users\Admin\AppData\Local\Temp\zip.exe
"C:\Users\Admin\AppData\Local\Temp\zip.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2900

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact