806cfeb1fdf483e6fabfa812ceb168fc45528b28ec4a6dd3c8a305a6c307ca94

Analysis

max time kernel
140s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

806cfeb1fdf483e6fabfa812ceb168fc45528b28ec4a6dd3c8a305a6c307ca94.exe
Size

205KB
MD5

5045316b204ff4bc31c5a1172bc53f86
SHA1

582761a44694561b4ebb4bb67b35b61d04a1ff92
SHA256

806cfeb1fdf483e6fabfa812ceb168fc45528b28ec4a6dd3c8a305a6c307ca94
SHA512

feb1e11569b303d8d97b60f7ac31be6cdc822d8bae5919c5451cfcd54a4fc0d42c9570cda1b34e64291a021caea058d9bdcb8aade773ddbee6cd66fe6ef5f235
SSDEEP

3072:25HGsknvMXb2HGDjfSOAPMSlAY+D8V9EN2UJxs78J3mqMuUtX/j5GWR4rqqgTgys:uH9kvMXb4UTAbZEoWJWqUtlfRWk

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1108	806cfeb1fdf483e6fabfa812ceb168fc45528b28ec4a6dd3c8a305a6c307ca94.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	806cfeb1fdf483e6fabfa812ceb168fc45528b28ec4a6dd3c8a305a6c307ca94.exe

C:\Users\Admin\AppData\Local\Temp\806cfeb1fdf483e6fabfa812ceb168fc45528b28ec4a6dd3c8a305a6c307ca94.exe
"C:\Users\Admin\AppData\Local\Temp\806cfeb1fdf483e6fabfa812ceb168fc45528b28ec4a6dd3c8a305a6c307ca94.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\V5081815.ssf

Filesize
247KB

MD5
5b5c1a144cbbd8d0e7d0c9b59fef3975

SHA1
23fe96f52ad151e8534db9c8f8cc7f58aa9c5578

SHA256
50568d62d015bf76e729b4b544b8bb4c6c4683a83359a21746112f0f44d26e3d

SHA512
07e35874f7de7cdfecb4a7490e795dfc038223c8e79258386f19d82156fa89303b20fc7f4604e3764c4ed64b779bff49a5dcfa2a3fb1ace5243e716c0e23c218

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ad31C1.dll

Filesize
60KB

MD5
8e1c774d6eaf5c6f81eae825a830f9a4

SHA1
2cffef75ded596c831796420a693f73d8d6178f3

SHA256
f2b6610488ce477e48066586d8f2a742ed45eae31742e9a328807df8c60f561d

SHA512
fd638112cd20b9fbc5aa413d56fedf24ead620ceca08942b3d73d6b2a08df6e618fc38816f4c5d43078ad5cd15c1f5ee6f594da5a9d1defc8b88692a04f5d726

Download Submit
C:\Users\Admin\AppData\Local\Temp\~~adtmp~\_ad31C1.adx

Filesize
198B

MD5
fa3ff2b1a7e26803fc8869924826bb3b

SHA1
bdcc27c609e17e977d3baa15f585e8262a3274a3

SHA256
a26e08a2d0ae5430ddd5107729ba451a46b624a1c9e95a3a963a04f89006ca80

SHA512
240bb895d023897b1f947c70ab9fb3d36d37ac3b11a810f0c0d64e0e9e195551fb83ed94286ac403f75bd6fba608e16c8fcdb33341f90661f04876ff5d5f8b62

Download Submit
memory/1108-354-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download