984d530e78ec72391f217805e5e078cef1c4e15c156c12d60841dae8b2e5af87

Resubmissions

02/08/2024, 02:50

240802-db3vrs1hpj 10

02/08/2024, 02:47

240802-c9v25sweqe 10

Analysis

max time kernel
93s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x86/Paring_[1MB]_[1].exe
Size

1.9MB
MD5

4601692d9ec47eb3ed8b843de5a36ccc
SHA1

005b44a84219035e85ba98109ccc16a59fb85946
SHA256

d377d81e1a6e4afebeda31326179d157f3a463129f2cb639597d7c31b1610ce1
SHA512

b98f290274f5bb98e8c18c9ae0105559d0a98fccca27afbee577c7cdcae12a4600fc2ab0134c98e3c1fd1a2bd03bbe94f606fd38089c77140e05e8b7b955575c
SSDEEP

49152:1KgeR7rW0PiFtA20ilRO+2r9FWjjyakqN5n:AX/W0PiFO20ilU+2OvjkqN5n

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Paring_[1MB]_[1].exe

C:\Users\Admin\AppData\Local\Temp\x86\Paring_[1MB]_[1].exe
"C:\Users\Admin\AppData\Local\Temp\x86\Paring_[1MB]_[1].exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads