6ad1835f4a03f110b2094ede277a362ccb36bef8613bffb0a07380e3a666f18c

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12-08-2024 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

engine/clamd.exe
Size

169KB
MD5

df3cd40ecf8d95fcd7c433f537431a88
SHA1

c97c527d732b9d966752ff486cf1374c3ede8e88
SHA256

feda71470424972eefd6036019fe1e00c253be24e8ed4a9445bf506f3c83b1cf
SHA512

a15b8ee48730c75b9409dbd6afdc9d8ebc6ede9f8e64ed16466d4b30975225ef5cec9f1727742694f41c1dbc6215ec46cd84277eb7ed0959da1a1afcc9b8d455
SSDEEP

3072:7T/0RBNdaqnoOkG2Z6vs7GIpRrwLm7dDhqQIUyT0B2Q:nKbbnDB2Z6vs7GIpRMqTbP0Q

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

clamd.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clamd.exe

C:\Users\Admin\AppData\Local\Temp\engine\clamd.exe
"C:\Users\Admin\AppData\Local\Temp\engine\clamd.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads