996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4

Analysis

max time kernel
93s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4.exe
Size

942KB
MD5

6a64f9fe15021ab648eea9d5e5be3bb7
SHA1

fe17e487232267b3eb5186d1ac4b1f642a0d13aa
SHA256

996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4
SHA512

d223cc97c6cf63dbaa6cf267556b5177a38e3f9c86e687c2a5fda5fd3cb7cb1068295aa85347880c1656671b271ce8a31ae4921eac02e89c6dd3457dcd87495f
SSDEEP

24576:VqDEvCTbMWu7rQYlBQcBiT6rprG8amywD:VTvC/MTQYxsWR7amy

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1804	996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4.exe
1804	996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4.exe
1804	996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1804	996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4.exe
1804	996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4.exe
1804	996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4.exe

C:\Users\Admin\AppData\Local\Temp\996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4.exe
"C:\Users\Admin\AppData\Local\Temp\996786f6ad0d73d336235084b3674d05cd68dffcfd76c707237e7a9f600923b4.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Adobe\PhotoshopPrefsManager-20240809-021156.log

Filesize
504B

MD5
7fc6188e67a5f1fe88630ba0f900172e

SHA1
5bf8be6b588f319a3ea1c13a7a769de42ceb4f17

SHA256
f132b585f6775d1e341eb576d58181658d1d0ec169cabeb31391c5b56f50e71a

SHA512
c1788e24fe07c4e2cc307992e243c63c064b845ea39d6cf7fe8a0688ab933ec4050f66099733e4b928bcbb3e4a5c76475e8e9687f1547473fcba22a419721e6f

Download Submit