3ba81697302431ce4f09280c5b32bcdc3275874899f682756352317ec6cf3053

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

362a341ea58f2520e00f00dc9d7add80N.exe
Size

1.0MB
MD5

362a341ea58f2520e00f00dc9d7add80
SHA1

75af3abefd513728d1bc9adc2636888d561f4034
SHA256

3ba81697302431ce4f09280c5b32bcdc3275874899f682756352317ec6cf3053
SHA512

7a9fd90d1f817d5e54d73323aa5a614fd5b435f3861d8d2a0f32ed30ff2dd3463d5901d13617eb845f504104762e52b9a20089733c8e297346dbd16639feb852
SSDEEP

24576:zQ5aILMCfmARvKYYtJh8DXmB4thd9P6yZbquJC:E5aIwC+A8JhYZrC

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	362a341ea58f2520e00f00dc9d7add80N.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2500	362a341ea58f2520e00f00dc9d7add80N.exe

C:\Users\Admin\AppData\Local\Temp\362a341ea58f2520e00f00dc9d7add80N.exe
"C:\Users\Admin\AppData\Local\Temp\362a341ea58f2520e00f00dc9d7add80N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2500-14-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-13-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-12-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-11-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-10-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-9-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-8-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-7-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-6-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-5-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-4-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2500-2-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download