2c4605f90421c53e63678c25714e765781d3f2bf8eeaec872a845bb2b6f84f14

Analysis

max time kernel
138s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$SYSDIR/Christina Milian.scr
Size

2.7MB
MD5

8c850f83c1a7c1b646216c3eb936073c
SHA1

67c8ffeddddf323bb1ab8853a1193ee2e03b2a3f
SHA256

bb1240ce9ffef22b3ac0c83e8ba543e47e783900f5226d82a2e499701d38c61f
SHA512

4661656c21b60342d8696444742d5179248b0c37d0044d0716a4f2fe8d7260ecb1c0c62354d25b9f81b1a7f163c2f83750f4ea88b7e024404e648e494a5751c2
SSDEEP

49152:DWlnTMWtF6xp0sn780TOG0sbkuOr/ly17LH7RD7az+VMWJ9mj/DzzopxZ:4nTJ9yT3OsDRDOz+R9EDgxZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Christina Milian.scr

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1180	Christina Milian.scr
1180	Christina Milian.scr
1180	Christina Milian.scr

C:\Users\Admin\AppData\Local\Temp\$SYSDIR\Christina Milian.scr
"C:\Users\Admin\AppData\Local\Temp\$SYSDIR\Christina Milian.scr" /S
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...