95dbd294f511335bb0b368c487abe48e8d72aa4b165cba94d32cef71a5e46916

Analysis

max time kernel
1509s
max time network
1486s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21-08-2024 19:34

Target

32/SbieSvc.exe
Size

312KB
MD5

b07ffe2f0e2134614572ed9a2f406233
SHA1

bfaa5bb3f677dfe39ccfb17d44a7c5192a545dd3
SHA256

7d65b996629d0137bdb2c173afb14b85f8a9cd9caa8912bd3727b0ac48192262
SHA512

69d8af6e6ffb2720ece1da6802d03e64ab66f0910e76a10fc93366d30c9857de63dd0f950117bd413c6620f9f684e466292c84fbc8f7cee28523b308457790b8
SSDEEP

6144:UUP8mY++yejbcaSNdWmLD4+7GWOXwaHQ81tokwWj5mTqce1oOsoalJ:RYryejc6mLD42swchtoGaLe6oan

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

SbieSvc.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SbieSvc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SbieSvc.exe

C:\Users\Admin\AppData\Local\Temp\32\SbieSvc.exe
"C:\Users\Admin\AppData\Local\Temp\32\SbieSvc.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3340

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact