48041893231c5721cb7fedcca12988eddd641f0849f8192e384fff6817b8208a

Analysis

max time kernel
98s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

594d481bc4ec02c040f969c2bd730cc0N.exe
Size

79KB
MD5

594d481bc4ec02c040f969c2bd730cc0
SHA1

5c15a607d0408de620608951d81ea1f6a0beca5b
SHA256

48041893231c5721cb7fedcca12988eddd641f0849f8192e384fff6817b8208a
SHA512

142b9118262c292d465a45c54f6b475d0824313be4621f90f72a394d8dbec2728438069df5bcfef09b0ac175cde62bcae9dd6447d1c228551c709fd4496b8aae
SSDEEP

1536:zv+vF0ocOQA8AkqUhMb2nuy5wgIP0CSJ+5yktB8GMGlZ5G:zv+vTpGdqU7uy5w9WMygN5G

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	594d481bc4ec02c040f969c2bd730cc0N.exe

C:\Users\Admin\AppData\Local\Temp\594d481bc4ec02c040f969c2bd730cc0N.exe
"C:\Users\Admin\AppData\Local\Temp\594d481bc4ec02c040f969c2bd730cc0N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3244-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download