edb0daca1bcfdb2bbfb95a62c00cc0cbedfa0eb18d20340410dec825f34effc2

Analysis

max time kernel
10s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/08/2024, 17:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

hdeep.exe
Size

6.9MB
MD5

5a7595ccfd576a37171c504230a24099
SHA1

4b07fc7fcf10cf424ca97ef1f40e1934c7b96549
SHA256

edb0daca1bcfdb2bbfb95a62c00cc0cbedfa0eb18d20340410dec825f34effc2
SHA512

285ff1c60119ef62d74aa46f640879d6bdef8a0eb029bef49b70ca36563daa0decceb3fe86c86d115348cf37185bd6514db7be12613f0e057e3cf48b0f245608
SSDEEP

196608:qoPKg288I2ZCAQTEU1bLzRPKqouxGm9HU:yAp0qhGg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hdeep.exe

C:\Users\Admin\AppData\Local\Temp\hdeep.exe
"C:\Users\Admin\AppData\Local\Temp\hdeep.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads