6a3d028e3a16355b940c381b1a48aa5fe2044b96d7062deb38f26c695a209c27

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 00:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a3d028e3a16355b940c381b1a48aa5fe2044b96d7062deb38f26c695a209c27.exe
Size

155KB
MD5

2cf82e18a311e3cf09ffe6870d3944c1
SHA1

46295267a018e646b4536e001ae144b057eb5793
SHA256

6a3d028e3a16355b940c381b1a48aa5fe2044b96d7062deb38f26c695a209c27
SHA512

20cf5848c98aef2e07531ba7979ec39b8216d2b0ccd44230aef9df34f46aba49402934dfe5375ea11ed632b64851071fc01d881d71a3ed9216413f738c94dc87
SSDEEP

1536:W7ZppApBULcfpHLcfpX2/Nw/Nwmxch4roWQehIzU0De6e4TwhnarYQDznGprbegZ:6pWpBwchcV2Wx5tT5IZ/u6i

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6a3d028e3a16355b940c381b1a48aa5fe2044b96d7062deb38f26c695a209c27.exe

C:\Users\Admin\AppData\Local\Temp\6a3d028e3a16355b940c381b1a48aa5fe2044b96d7062deb38f26c695a209c27.exe
"C:\Users\Admin\AppData\Local\Temp\6a3d028e3a16355b940c381b1a48aa5fe2044b96d7062deb38f26c695a209c27.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...