113f047fe2b15393e4aa854e1ccce6793b16bf315b248f319f74c60652b472f6

Analysis

max time kernel
109s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-08-09_553073e56171ff3fa5b47312cef74a92_avoslocker_hijackloader_revil.exe
Size

3.1MB
MD5

553073e56171ff3fa5b47312cef74a92
SHA1

f06f8b445a020282014ded39310a8e80dacffd3f
SHA256

113f047fe2b15393e4aa854e1ccce6793b16bf315b248f319f74c60652b472f6
SHA512

72ea4b3028b74d1795ebec8df7443915b473482bde48cf25c79d7ef5762eb9b8724ba4dc440bb6df61178310dae0be808df3019efd561d29f7f263eb43396d41
SSDEEP

98304:5DK9Iu7oNSS4Usp8KTmD58e+zMgdORYIa2KS+bb1YXkGJaELBf4t:xK99TmOBELhg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-08-09_553073e56171ff3fa5b47312cef74a92_avoslocker_hijackloader_revil.exe

C:\Users\Admin\AppData\Local\Temp\2024-08-09_553073e56171ff3fa5b47312cef74a92_avoslocker_hijackloader_revil.exe
"C:\Users\Admin\AppData\Local\Temp\2024-08-09_553073e56171ff3fa5b47312cef74a92_avoslocker_hijackloader_revil.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp123_downloader\Cache\e579e53\config.ini

Filesize
1KB

MD5
cc638c7a93d6d5682956cc48910bffd5

SHA1
388807126b0b9f912af919a9719601117b461103

SHA256
12e76ee71a517cf4e6d837fbf3c52f353afaf6f25e074da20dbef137d1685df1

SHA512
93c9f975f7118024117446d75a4a1d44c284826ac1bc1eab30a979d60c9a247844ca0db2ef8f9f9d8926e0a7e546f7241cd91e73d7312a25c7c7f419aeb511ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp123_downloader\Cache\e579e53\language\en.ini

Filesize
2KB

MD5
9cf0e9a850b535207d90c57a2ff05e8e

SHA1
b00ae204afc9aa0ac4bdf242164e1118e9a472df

SHA256
2724be92e3c9fe39205c5204047b34576219a2f8da169b269a32215414e0ff4e

SHA512
750b8c5119fc42e1d945781b944ca3ea0476d355f342fc37e4b031593ee41add5fe1d9f5e0b3ea1f6e87293598c5181d4679d7485318bcb54b5fa35c5e437640

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp123_downloader\Cache\e579e53\language\language.ini

Filesize
1KB

MD5
6f0637a15fcb6ca61286ac0379d78c7c

SHA1
ed7faa340a99d9f400492259fe41b682b4ca2bf6

SHA256
892b7da79a7b4c1d9eb1377e47c522b069df22955fec8cbe929d0ad99912f7f0

SHA512
05890b5f47312e9b1f56ff208d6264170f3835650c5f17fdb42bb816fb760516cc7ab14cad0789d2c044a7ab859a8a1cd91f8b936d43bc4f1450c406d1a1e7ec

Download Submit