837b17ae52d356f7aa2fb6149494ed7b4b362227e8e986f609b0eebf4c545fd0

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-08-2024 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PECompact2/PEC2.exe
Size

105KB
MD5

7593604df86b5a5b416a55db8da157fc
SHA1

dd58df59b5b25d732aae05a519add17597c6f6b8
SHA256

bf6c6ba83461a9978697d7875e8f5ab46461115a5ea9015504ea5e8c908d1141
SHA512

c57206d3ebd1a2e2e6a46438f059dc6f32c9bb8ec0d65b8cabf8023157a3d6e819dc9a859ca52cf99e028a5b474fc154076a6e278eb37ae5ff21cdb391540b93
SSDEEP

3072:6bEK53BrfKfzSf7170c+4GCUTHSOCDILj38:yEK539KbYHITHSOv

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PEC2.exe

C:\Users\Admin\AppData\Local\Temp\PECompact2\PEC2.exe
"C:\Users\Admin\AppData\Local\Temp\PECompact2\PEC2.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1344-0-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1344-1-0x0000000000030000-0x0000000000032000-memory.dmp

Filesize
8KB

Download
memory/1344-2-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download