908669ce3e36cf6e9efa677398453a189f8fabbaa7b89ecdb30af266191fa448

Analysis

max time kernel
112s
max time network
91s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
01-08-2024 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02315851b7f0a6e1527ae662d5a59090N.exe
Size

139KB
MD5

02315851b7f0a6e1527ae662d5a59090
SHA1

55df3c8a908f4d4c4dc500029b8ab28b156ed694
SHA256

908669ce3e36cf6e9efa677398453a189f8fabbaa7b89ecdb30af266191fa448
SHA512

44e55fb3ab11ca061b6e5d8d468ca8029fc6cbe05569d827ab2488e786efff770d3fde712d062df141827e7ae5df53c93988d7e7e3bc8e788707da0c9eaf4c6b
SSDEEP

3072:hs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/+/Fnncr5:hDeM7iNEkgiOb31k1ECgJq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	02315851b7f0a6e1527ae662d5a59090N.exe

C:\Users\Admin\AppData\Local\Temp\02315851b7f0a6e1527ae662d5a59090N.exe
"C:\Users\Admin\AppData\Local\Temp\02315851b7f0a6e1527ae662d5a59090N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-BiiLxnoQaJFE2EOP.exe

Filesize
139KB

MD5
1bc45af5d9d499b1a08928ebf47cfa2b

SHA1
aae82d86fc55de73f3ced7e14b2f90dbe2b6ee56

SHA256
fff00145fb63d6df768a029c0ff79883ed6cbbba6ed68b9e9cf42afb001ce2bd

SHA512
5445c76d3277e8e967192dbea65c470f0f450e31ce831aabb277df6c5b73368b6b832fafe125d27773aa8c2566b97fb69e76fb587842d745e2ddf88cf4a2a24f

Download Submit
memory/1760-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1760-6-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1760-13-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1760-20-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download