811251cbc873827a24f5cc0f2b197ae6b6a33d4421616d2bac6037808c669542

Analysis

max time kernel
105s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc27955d4b4495d10a4958614f55e260N.exe
Size

123KB
MD5

cc27955d4b4495d10a4958614f55e260
SHA1

bacf7feaea50d0c5c03625cac06a66a04914ad1c
SHA256

811251cbc873827a24f5cc0f2b197ae6b6a33d4421616d2bac6037808c669542
SHA512

e0503d124fd1fc1573d30bf2caf106d4769052f122ef896177b7dd437bd42033b0a963466b9abb37259a2d4782b420cb10d42e49c9e83bd254396930dc9d32ac
SSDEEP

1536:/7ZQpApYbRSpS8lPdA3NyaM62ot2oxQWW:9QWpySpSuPdA9yaMDT2W

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cc27955d4b4495d10a4958614f55e260N.exe

C:\Users\Admin\AppData\Local\Temp\cc27955d4b4495d10a4958614f55e260N.exe
"C:\Users\Admin\AppData\Local\Temp\cc27955d4b4495d10a4958614f55e260N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1900-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1900-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download