0cbc884798d77cff0406bacd47fbbfd09e5d159e9dae20df43977dc29e9e32b7

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cbc884798d77cff0406bacd47fbbfd09e5d159e9dae20df43977dc29e9e32b7.exe
Size

129KB
MD5

46c449fdbebfb1c79e98fb4a5284bd09
SHA1

2e12a473501b7506c19e6bad11c3a98de0a89987
SHA256

0cbc884798d77cff0406bacd47fbbfd09e5d159e9dae20df43977dc29e9e32b7
SHA512

4d1ac4a1265d14772f47414693db4c396bb9d77c6d6a2dbdb41b997c248a6abbbc6662b4c623d0838532b04d888b35473d2e6e485ef65eca2dc22bd6afc96d32
SSDEEP

1536:/7ZQpApq1UTmXadjUSbcDemTPAZk+cLtdNlb9PfgDOayxaJtJa:9QWpd6W2QZwS7DY

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0cbc884798d77cff0406bacd47fbbfd09e5d159e9dae20df43977dc29e9e32b7.exe

C:\Users\Admin\AppData\Local\Temp\0cbc884798d77cff0406bacd47fbbfd09e5d159e9dae20df43977dc29e9e32b7.exe
"C:\Users\Admin\AppData\Local\Temp\0cbc884798d77cff0406bacd47fbbfd09e5d159e9dae20df43977dc29e9e32b7.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2800-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2800-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download