f4dfcdf734da2917dd776d5e5af20d275cc6844c4854f5a9d992a39015ca293d

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eREAD6.0Setup.exe
Size

7.6MB
MD5

3ae12127777829660cf918c1db8497d8
SHA1

d6fec2217f71a51845ae86d3f1d5a78ebb68c155
SHA256

10eea7edef5a15f5d76c860f52fef36a615530780234cf8b16505cc94bf34a76
SHA512

6292d1b7a6959619f69d8ece6f482dad1a4866923753cf4e175f1d3e95eb3b974fb7fdad9ed0bd8c49dead9861591932ebc0fdb28cb191adb3ec9e94bab91700
SSDEEP

196608:Qx3Nf2mpPeMwalZTrqU0pgO3C6xJp4xC4agHN57f9m3m:oNxmuFqU0pVyc4MgHf9t

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eREAD6.0Setup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2656	eREAD6.0Setup.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2656	eREAD6.0Setup.exe
2656	eREAD6.0Setup.exe

C:\Users\Admin\AppData\Local\Temp\eREAD6.0Setup.exe
"C:\Users\Admin\AppData\Local\Temp\eREAD6.0Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...