ecb771b1f237796018128d21fcee16e3858d907b0979001547234dd307305809

Analysis

max time kernel
138s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ecb771b1f237796018128d21fcee16e3858d907b0979001547234dd307305809.exe
Size

709KB
MD5

7b9c6491588b7ef5db82ac0ffff0ac82
SHA1

96c4869a65a0a874c8c25c680ba412c426483e8d
SHA256

ecb771b1f237796018128d21fcee16e3858d907b0979001547234dd307305809
SHA512

13679b5f52c1fa22497ca82dd366e2d9800d41d6fe9bbad5c57639963b8d4660b79dabd4b78aefd3cc2d8b33e44cf8e9803d291de572bd32eebe4407c766153e
SSDEEP

12288:vZc08o70L43SZiHk/dg+vVeNFEIj2K+T4DPl0Tk7WhExQK:vZcEP3cMgdTVeNFygPJ7MEyK

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecb771b1f237796018128d21fcee16e3858d907b0979001547234dd307305809.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4784	ecb771b1f237796018128d21fcee16e3858d907b0979001547234dd307305809.exe
4784	ecb771b1f237796018128d21fcee16e3858d907b0979001547234dd307305809.exe

C:\Users\Admin\AppData\Local\Temp\ecb771b1f237796018128d21fcee16e3858d907b0979001547234dd307305809.exe
"C:\Users\Admin\AppData\Local\Temp\ecb771b1f237796018128d21fcee16e3858d907b0979001547234dd307305809.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\zoho\ZohoMeeting\log\MeetingLauncher.log

Filesize
1KB

MD5
85f8322fb2350dbbe9c58c1f0adf1d22

SHA1
4803072e3a3f8274bb378cff8e776be67e38506e

SHA256
8091b5d1a3cec1be9104670c8a93a63adf37e3bda232c46d994278fb7e091370

SHA512
97ac17b87c8442ce43465ae08f290e665b1bfd43d4cc4c0187663ae7b489083b794ce61d04aa1a1acde759b0d4153117116e1762670fd1f28cd3bcdf3a60aa7e

Download Submit
C:\Users\Admin\AppData\Local\zoho\ZohoMeeting\log\MeetingLauncher.log

Filesize
1KB

MD5
3298b8246c661e1eef93984b43cf3e3b

SHA1
382c2ecdd55525aad8c00c376d6ff076f8159fc2

SHA256
c6e2bf34fb4af6c2fa3fdd8064c968597ed74932456a0fcf3896f883f8bf1251

SHA512
27c984e7681369ac12ed286d8815afe29c32db1ffe0097a914b87c21243ddc4c61531d4202b166ae7d0899ee0e62af501f3c7a9e81ae244b8b00f2595624f07d

Download Submit
C:\Users\Admin\AppData\Local\zoho\ZohoMeeting\log\MeetingLauncher.log

Filesize
888B

MD5
234e8b5107f633bb4a709360483536c0

SHA1
234fddaf4dd0e564ccac2d2bca83da9fd63c373a

SHA256
fc7835f83bd8ab15b20c621a1268bd078e2527066293420357f3558f24914bf7

SHA512
3fbe4909e1c195e06f62b51188a348b322736ed728a166276435199094f55d28fef79db2d000d1894f835b7d015c03a7a85f3d7b80e067377b6f5f88db1c493e

Download Submit