875704cf9e7a31c5e9f99201fa7a2423ef05c9798ef58696af2d91b29ee45f93

Analysis

max time kernel
150s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 14:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ftcsetup.exe
Size

15.5MB
MD5

057103da18c0dccf19b7e67f6e575206
SHA1

887afe56665f84a075631228164f4b852ea2ccd8
SHA256

fecdbaa3a77cef7308522b4cb61aea19aa6346422e325177d4ed25689caa4b77
SHA512

955f2f0b18a9bf174eb6832e61235b5407e6bc79bcddb082c13b96bb408f68ac1c90ae5d565172f8f59c9e852355366ad57b6c14ffcc867537aefa2ea7087cde
SSDEEP

393216:dbDP5X2DxeuvO6tTuhxcwkjpdFnQfcIiCObq5Qb/dN:dbRMTO0TuhxFMrBLCi

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ftcsetup.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4068	ftcsetup.exe
4068	ftcsetup.exe

C:\Users\Admin\AppData\Local\Temp\ftcsetup.exe
"C:\Users\Admin\AppData\Local\Temp\ftcsetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4068-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download