476f52f7d1eb6dd7eaf89f146d6b44d370ee7df4202a30bafac8d045ab0c37f3

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08-08-2024 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

476f52f7d1eb6dd7eaf89f146d6b44d370ee7df4202a30bafac8d045ab0c37f3.exe
Size

1.3MB
MD5

7af79e50298bedc6a8afdbde8582be50
SHA1

29a65eac8ba2d5ceb8529939006dee9408aa0c7d
SHA256

476f52f7d1eb6dd7eaf89f146d6b44d370ee7df4202a30bafac8d045ab0c37f3
SHA512

4bdf7d301e69f2cc9d6fb119d7a6ecfe89f0f8786b6194d88097702a4a6baf1e2537ff0e1045f01a9e1c8393f7e903672c757bb8555edf0294970bfc5d3f2bf0
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHhpq5vOz:yBs7Br5xjL8AgA71FbhvsKvOz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	476f52f7d1eb6dd7eaf89f146d6b44d370ee7df4202a30bafac8d045ab0c37f3.exe

C:\Users\Admin\AppData\Local\Temp\476f52f7d1eb6dd7eaf89f146d6b44d370ee7df4202a30bafac8d045ab0c37f3.exe
"C:\Users\Admin\AppData\Local\Temp\476f52f7d1eb6dd7eaf89f146d6b44d370ee7df4202a30bafac8d045ab0c37f3.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2552-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download