2109e6bfeee12bf8601a1a637f047988319420a77c565d72b5dc76075da02034

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-08-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2109e6bfeee12bf8601a1a637f047988319420a77c565d72b5dc76075da02034.exe
Size

2.0MB
MD5

d9231058cc25c0939a546fb71b9250b6
SHA1

b8f92cb86ad067524f8e46bf6e306fad108522a5
SHA256

2109e6bfeee12bf8601a1a637f047988319420a77c565d72b5dc76075da02034
SHA512

857f62bc264441fe1498b24e7525d799ee9a7ab152e2f7f65535ea78f16adb31e3da81718620a9321f00d5f28d9dde4f71c4abd382ff7498e070eaa4dde627db
SSDEEP

49152:jVAbwCTx2h3bfEF337LYkDNqxyAnEnNZeZpWV41ktqwaqawPoSSXPbOv:JARTsrfEd379NwyAENZe68kKKoRqv

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2772	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2109e6bfeee12bf8601a1a637f047988319420a77c565d72b5dc76075da02034.exe

C:\Users\Admin\AppData\Local\Temp\2109e6bfeee12bf8601a1a637f047988319420a77c565d72b5dc76075da02034.exe
"C:\Users\Admin\AppData\Local\Temp\2109e6bfeee12bf8601a1a637f047988319420a77c565d72b5dc76075da02034.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2668
- C:\Users\Admin\AppData\Local\Temp\7zSC6A814C6\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zSC6A814C6\setup.exe
  2⤵
  - Executes dropped EXE
  PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSC6A814C6\setup.exe

Filesize
5.2MB

MD5
f234c4f296e58a704363ba1b6547d2e1

SHA1
c7d18136a216d13684be54596f6e4d1a2e86f088

SHA256
f6e43c32e89ced0b6c0d88e620e23b80a4cc440a838a733ae880b078dd62458e

SHA512
64f1a44807f428c004b2e752b39aeb0e8b4310b713fbf90e31dbe16ef40c31866bdc5aa25e3bb6ecaa6523da4b412265cf74e149d20a2ef37d8addc816d14c9b

Download Submit