d108974e3029016693e953795804f374449835e3120d9df068dbd3eb9fe55088

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d108974e3029016693e953795804f374449835e3120d9df068dbd3eb9fe55088.exe
Size

2.0MB
MD5

f769783b7d2ae1905fa99f36d05e1d93
SHA1

14c410f8414e263714106e5e65479cb2bc02e888
SHA256

d108974e3029016693e953795804f374449835e3120d9df068dbd3eb9fe55088
SHA512

a428e17e686debd7a1cf0d7c14492f91e10c832a30ec9d0f86ec04359f39188a4e97687badade029f35a7419e271fd70dcb427cadcb0cd08dc97d8ecc547b0dc
SSDEEP

49152:RVAbwUQUFD1VR+zbTPDyoW53zJJfvRCYd60p9e9bldMi:3ACQZGbo1HRCYd6b9x+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2212	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d108974e3029016693e953795804f374449835e3120d9df068dbd3eb9fe55088.exe

C:\Users\Admin\AppData\Local\Temp\d108974e3029016693e953795804f374449835e3120d9df068dbd3eb9fe55088.exe
"C:\Users\Admin\AppData\Local\Temp\d108974e3029016693e953795804f374449835e3120d9df068dbd3eb9fe55088.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2452
- C:\Users\Admin\AppData\Local\Temp\7zS4999A338\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4999A338\setup.exe
  2⤵
  - Executes dropped EXE
  PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS4999A338\setup.exe

Filesize
5.1MB

MD5
96be1b5fb15ec0912b8de6133d283180

SHA1
86d5f8af9018f27045389a48a66dffa7e1f8daf1

SHA256
04eead61515be0515643281aa8f29809facddd419c5bc06450d031d64e60461c

SHA512
c649720a6ac4409b32663f9987aca971e1475b7e30c2b7c2c31467a1214228f8d93f154580b0436933f86f998e8079d0df7e2f67b20adfa2aaaaff075a16ed32

Download Submit