0c687c9b98e7514ab0869b4b841fff70d887f4f4ff6cc8d53553e846119667e0

Analysis

max time kernel
139s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2024 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c687c9b98e7514ab0869b4b841fff70d887f4f4ff6cc8d53553e846119667e0.exe
Size

4.8MB
MD5

26753d405e9e68ade6f441326ff5ec8f
SHA1

07b0e0992151e7d29c817229b1f5967dda8932bc
SHA256

0c687c9b98e7514ab0869b4b841fff70d887f4f4ff6cc8d53553e846119667e0
SHA512

bec8cc9b62c53b8b8c3ef50b03aa347dabece565152f59e8693be0505d61c31898cd35d4748e456f1cc0ebaec72bd77417fe2ee738adc8a1d20d163d4cfee134
SSDEEP

98304:dRMD4RWltFaPfLQB9qjZyb7dklpSGdQv5mBrtpr9Z8j6FvWRpN:H84OFaPDKqI7elJC6ZpFvQz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0c687c9b98e7514ab0869b4b841fff70d887f4f4ff6cc8d53553e846119667e0.exe

C:\Users\Admin\AppData\Local\Temp\0c687c9b98e7514ab0869b4b841fff70d887f4f4ff6cc8d53553e846119667e0.exe
"C:\Users\Admin\AppData\Local\Temp\0c687c9b98e7514ab0869b4b841fff70d887f4f4ff6cc8d53553e846119667e0.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Qt\json\uninstall\main_quit.png

Filesize
242B

MD5
83fd25097cd987750b25b705309a8dee

SHA1
593418acc78d89f0f99bf0cbfa636be9ccd055e6

SHA256
c477d6c6ae1f48da44d15d7ecd0c49189e31057604a47ec298de5189ad48dc60

SHA512
a3209b658a8873c60530f90374d066ffd2289f64c81babf67411828b144ea78fc9a6925dbdb3b56fc556bbb2b1ff10b6b5457aa7bf7ae8fcceb9fd653279ec44

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Qt\json\uninstall\main_quit_high.png

Filesize
180B

MD5
650163604c3d8153397c9d043bfe91f5

SHA1
7b64cf05ece78029248ea04ea10b42419837d441

SHA256
45a1277602c20ff8953a6a09f7fe9ed24f175f80d329f055b930b83b06af60ff

SHA512
381e52ef6a9269caf1b2feeffccb5a936f45395d361a476d904a27fcf626c46fdfe4fdab66768d5cfa910f9a59759da7f9edc131296bff477b419ce987a888c9

Download Submit