1f9261f2f87eab4044de95751e75707375c5be39b30a2b6e27043a57035386e2

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f9261f2f87eab4044de95751e75707375c5be39b30a2b6e27043a57035386e2.exe
Size

2.0MB
MD5

cdff9b026860755809811476a02efc46
SHA1

e30423e5d21d2ab9a7c2e7a86bd42de2fd4687f9
SHA256

1f9261f2f87eab4044de95751e75707375c5be39b30a2b6e27043a57035386e2
SHA512

9e8f57b5955c5eccc6b07e5edcf8520165856163635fb12d5f0762599a99473b1413c3f0d7cb12e1d68d69595c3da38d13582e3845bb3981643328cac36a156a
SSDEEP

49152:gVAbwUQUFD1VR+zbTPDyoW53zJJfvRCYd60p9e9bldMi:MACQZGbo1HRCYd6b9x+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2180	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1f9261f2f87eab4044de95751e75707375c5be39b30a2b6e27043a57035386e2.exe

C:\Users\Admin\AppData\Local\Temp\1f9261f2f87eab4044de95751e75707375c5be39b30a2b6e27043a57035386e2.exe
"C:\Users\Admin\AppData\Local\Temp\1f9261f2f87eab4044de95751e75707375c5be39b30a2b6e27043a57035386e2.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1464
- C:\Users\Admin\AppData\Local\Temp\7zS8B5665C6\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS8B5665C6\setup.exe
  2⤵
  - Executes dropped EXE
  PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS8B5665C6\setup.exe

Filesize
5.1MB

MD5
96be1b5fb15ec0912b8de6133d283180

SHA1
86d5f8af9018f27045389a48a66dffa7e1f8daf1

SHA256
04eead61515be0515643281aa8f29809facddd419c5bc06450d031d64e60461c

SHA512
c649720a6ac4409b32663f9987aca971e1475b7e30c2b7c2c31467a1214228f8d93f154580b0436933f86f998e8079d0df7e2f67b20adfa2aaaaff075a16ed32

Download Submit