d2c8ec61ebff4b882cdc057ea2ae8484110734f77c21392dadce8a729d6747c9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-08-2024 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LoveString/ANSI_1.85/LoveString.exe
Size

57KB
MD5

0037059d8fbec2ab0f32bcd73ee1f3e9
SHA1

1e3e8bc72d056744ff4d1e8e49fb4ab220789937
SHA256

5b65fb0939b695afa8b11b3ab3b830024b1f933cd3a18ee5ae747618d7186577
SHA512

ee174d593828189cf3b3cdb94fd1e205e9dbefda8b4033d45ca7bb17b691c9172ec9ff21b05d70949261380edc32d996e3e3c3d04753e326e8299c23632e2ec5
SSDEEP

768:Sp8Hi0bvlr+e/FbHn7ElwVlTgaHYuaMpewgZTiL4o8gwi1Uz6io0PKyrNeWp:NBNbH/kaH3elJiLHEi1Um0hMWp

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LoveString.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2364	LoveString.exe
2364	LoveString.exe
2364	LoveString.exe

C:\Users\Admin\AppData\Local\Temp\LoveString\ANSI_1.85\LoveString.exe
"C:\Users\Admin\AppData\Local\Temp\LoveString\ANSI_1.85\LoveString.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads