cc1c68cb4be002c09a346c3bbadca0d702635bc52b4e56aed90612bc7fe61dda

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-08-2024 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_Installer_Script_x64_x32_bit.exe
Size

211KB
MD5

6a8b371d016c9a07696907394429d162
SHA1

fc7ffe8c01c6b371a3d1898bbd6d159ca5b43f5d
SHA256

cc1c68cb4be002c09a346c3bbadca0d702635bc52b4e56aed90612bc7fe61dda
SHA512

321633319771f6e2cd91763f50b5fe9b28868aafff2547eb7bc6a45de860400466e899b37fca227194c30151cd9da77f494cf96d79d1166fb960752b0bf0b391
SSDEEP

3072:L3mpEjfO/w3ak1YZzodwDNaCs/3KAhH3SHP7Jcm/jl23Uadjc:LMEjfOUUodwDNhO6OH07dlCw

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup_Installer_Script_x64_x32_bit.exe

C:\Users\Admin\AppData\Local\Temp\Setup_Installer_Script_x64_x32_bit.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_Installer_Script_x64_x32_bit.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2968-1-0x0000000077540000-0x0000000077616000-memory.dmp

Filesize
856KB

Download
memory/2968-0-0x0000000076740000-0x0000000076801000-memory.dmp

Filesize
772KB

Download