55ebc274b47d8938f552dcd67841c56792243734f7773c8231a4faeb6d71f92d

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 23:37 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55ebc274b47d8938f552dcd67841c56792243734f7773c8231a4faeb6d71f92d.exe
Size

2.0MB
MD5

3d8b8dd6f83acee7ca8115a66ed82e57
SHA1

ea6640d692722773eb4b76c611bdbf35b7811bac
SHA256

55ebc274b47d8938f552dcd67841c56792243734f7773c8231a4faeb6d71f92d
SHA512

5db1d8b3db4da6cc977f02dcbd33e806d05e85f24a3c0bcaa633eae98a6e208b81c277ca0a6f9b0c28d927cacf6f2142c18435925e5f135632c5959e205e06e0
SSDEEP

49152:TVAbwuGwKOco09gsJcxlV8fTguPOAItUIrhO5Ov:5ApQx5+Mc27g9tfoMv

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2184	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	55ebc274b47d8938f552dcd67841c56792243734f7773c8231a4faeb6d71f92d.exe

C:\Users\Admin\AppData\Local\Temp\55ebc274b47d8938f552dcd67841c56792243734f7773c8231a4faeb6d71f92d.exe
"C:\Users\Admin\AppData\Local\Temp\55ebc274b47d8938f552dcd67841c56792243734f7773c8231a4faeb6d71f92d.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2344
- C:\Users\Admin\AppData\Local\Temp\7zS82972BA6\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS82972BA6\setup.exe
  2⤵
  - Executes dropped EXE
  PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS82972BA6\setup.exe

Filesize
5.2MB

MD5
44908c157516d82119d84a3b1c4a31f7

SHA1
dea19891d14b4e3598844f624c919b0dc5ce236f

SHA256
be21539218a31ff278f218a172b9972f4d8978a281387acdadf9a25b86e30b1a

SHA512
5a83d45533202ba573941d041619bd7f17e997f352f73528029d1f07da9a26c4f50f1cf77c822f972b596fa75bd2eeb0bca8170d89343d8b590ba869be058106

Download Submit