33b453a8f19c4f4c9fd7a387e47ebc746d587ee652cceaf09cc0544c57063d49

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 04:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33b453a8f19c4f4c9fd7a387e47ebc746d587ee652cceaf09cc0544c57063d49.exe
Size

11.1MB
MD5

b8669c61091a80e9f4eb36fde40682b6
SHA1

f6c0b5fcc1ef0eb93fe81a2c1367e460f086c6e1
SHA256

33b453a8f19c4f4c9fd7a387e47ebc746d587ee652cceaf09cc0544c57063d49
SHA512

ef3c4e404b3b70e62d055d22446c64cfc93464f995429b9c32041e25c0e80334da52323ec15d3b7a36638b938c331f25a085c6cd81308c7d965dce16e97773d0
SSDEEP

196608:xNBBf4CVUzty90EBiCySPfT08UEVacQ+KndvBZp:dBf4CVUzx2yRwaWSd5H

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	33b453a8f19c4f4c9fd7a387e47ebc746d587ee652cceaf09cc0544c57063d49.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2400	33b453a8f19c4f4c9fd7a387e47ebc746d587ee652cceaf09cc0544c57063d49.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2400	33b453a8f19c4f4c9fd7a387e47ebc746d587ee652cceaf09cc0544c57063d49.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2400	33b453a8f19c4f4c9fd7a387e47ebc746d587ee652cceaf09cc0544c57063d49.exe

C:\Users\Admin\AppData\Local\Temp\33b453a8f19c4f4c9fd7a387e47ebc746d587ee652cceaf09cc0544c57063d49.exe
"C:\Users\Admin\AppData\Local\Temp\33b453a8f19c4f4c9fd7a387e47ebc746d587ee652cceaf09cc0544c57063d49.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\evb9225.tmp

Filesize
1KB

MD5
a4a8a3d1e2cc586b750cb49b1ebf69ec

SHA1
387cab9d26a64cdea80813c7cc340ae1d0d9886f

SHA256
0a9985f0a052c2eb12ad673b8faf644e58aff8ebf61e206d0dc1d97a46adafe2

SHA512
4661df38a0e4b7f485bde92487147abcded49a85db1a2738cd77aa283494c517784a9f278f45d5b0a6b2cfab8a73234d997d38e4ac6705ab99a31d4ab4e5bf8e

Download Submit
memory/2400-1-0x0000000000400000-0x00000000006FC000-memory.dmp

Filesize
3.0MB

Download
memory/2400-4-0x0000000065000000-0x000000006544D000-memory.dmp

Filesize
4.3MB

Download
memory/2400-2-0x0000000077520000-0x0000000077521000-memory.dmp

Filesize
4KB

Download
memory/2400-14-0x0000000010000000-0x00000000104AC000-memory.dmp

Filesize
4.7MB

Download
memory/2400-10-0x0000000010000000-0x00000000104AC000-memory.dmp

Filesize
4.7MB

Download
memory/2400-27-0x0000000067000000-0x000000006747D000-memory.dmp

Filesize
4.5MB

Download
memory/2400-23-0x00000000008C0000-0x0000000000931000-memory.dmp

Filesize
452KB

Download
memory/2400-17-0x0000000067000000-0x000000006747D000-memory.dmp

Filesize
4.5MB

Download
memory/2400-60-0x0000000000940000-0x0000000000984000-memory.dmp

Filesize
272KB

Download
memory/2400-67-0x0000000002890000-0x000000000299B000-memory.dmp

Filesize
1.0MB

Download
memory/2400-71-0x0000000002890000-0x000000000299B000-memory.dmp

Filesize
1.0MB

Download
memory/2400-70-0x0000000000400000-0x00000000006FC000-memory.dmp

Filesize
3.0MB

Download
memory/2400-64-0x0000000002890000-0x000000000299B000-memory.dmp

Filesize
1.0MB

Download
memory/2400-61-0x0000000002890000-0x0000000002994000-memory.dmp

Filesize
1.0MB

Download
memory/2400-56-0x0000000000940000-0x0000000000984000-memory.dmp

Filesize
272KB

Download
memory/2400-55-0x00000000026E0000-0x00000000027CF000-memory.dmp

Filesize
956KB

Download
memory/2400-47-0x00000000026E0000-0x00000000027CF000-memory.dmp

Filesize
956KB

Download
memory/2400-46-0x00000000003D0000-0x00000000003EC000-memory.dmp

Filesize
112KB

Download
memory/2400-45-0x00000000025F0000-0x00000000026DE000-memory.dmp

Filesize
952KB

Download
memory/2400-41-0x00000000003D0000-0x00000000003EC000-memory.dmp

Filesize
112KB

Download
memory/2400-39-0x00000000003D0000-0x00000000003EC000-memory.dmp

Filesize
112KB

Download
memory/2400-32-0x00000000025F0000-0x00000000026DE000-memory.dmp

Filesize
952KB

Download
memory/2400-30-0x00000000008C0000-0x0000000000931000-memory.dmp

Filesize
452KB

Download
memory/2400-35-0x00000000025F0000-0x00000000026DE000-memory.dmp

Filesize
952KB

Download
memory/2400-87-0x00000000009A0000-0x00000000009AE000-memory.dmp

Filesize
56KB

Download
memory/2400-89-0x0000000002850000-0x000000000285B000-memory.dmp

Filesize
44KB

Download
memory/2400-85-0x00000000009A0000-0x00000000009AE000-memory.dmp

Filesize
56KB

Download
memory/2400-84-0x00000000009A0000-0x00000000009AE000-memory.dmp

Filesize
56KB

Download
memory/2400-81-0x0000000003800000-0x000000000385B000-memory.dmp

Filesize
364KB

Download
memory/2400-80-0x00000000009A0000-0x00000000009A5000-memory.dmp

Filesize
20KB

Download
memory/2400-98-0x0000000003800000-0x000000000383F000-memory.dmp

Filesize
252KB

Download
memory/2400-102-0x0000000065000000-0x000000006544D000-memory.dmp

Filesize
4.3MB

Download
memory/2400-113-0x0000000003840000-0x0000000003891000-memory.dmp

Filesize
324KB

Download
memory/2400-111-0x0000000003840000-0x0000000003891000-memory.dmp

Filesize
324KB

Download
memory/2400-105-0x0000000066000000-0x0000000066040000-memory.dmp

Filesize
256KB

Download
memory/2400-96-0x0000000003800000-0x000000000383F000-memory.dmp

Filesize
252KB

Download
memory/2400-130-0x0000000004660000-0x00000000046C0000-memory.dmp

Filesize
384KB

Download
memory/2400-132-0x0000000002870000-0x000000000287B000-memory.dmp

Filesize
44KB

Download
memory/2400-131-0x0000000010000000-0x00000000104AC000-memory.dmp

Filesize
4.7MB

Download
memory/2400-133-0x0000000066000000-0x0000000066040000-memory.dmp

Filesize
256KB

Download
memory/2400-129-0x00000000038A0000-0x00000000038A9000-memory.dmp

Filesize
36KB

Download
memory/2400-128-0x0000000003840000-0x0000000003891000-memory.dmp

Filesize
324KB

Download
memory/2400-127-0x0000000002AA0000-0x0000000002AA9000-memory.dmp

Filesize
36KB

Download
memory/2400-126-0x0000000002A80000-0x0000000002A89000-memory.dmp

Filesize
36KB

Download
memory/2400-125-0x0000000003800000-0x000000000383F000-memory.dmp

Filesize
252KB

Download
memory/2400-124-0x0000000002860000-0x000000000286C000-memory.dmp

Filesize
48KB

Download
memory/2400-123-0x0000000067000000-0x000000006747D000-memory.dmp

Filesize
4.5MB

Download
memory/2400-79-0x0000000003800000-0x000000000384D000-memory.dmp

Filesize
308KB

Download
memory/2400-78-0x00000000009A0000-0x00000000009A5000-memory.dmp

Filesize
20KB

Download
memory/2400-77-0x00000000009A0000-0x00000000009A5000-memory.dmp

Filesize
20KB

Download
memory/2400-76-0x0000000003800000-0x000000000383C000-memory.dmp

Filesize
240KB

Download
memory/2400-75-0x00000000009A0000-0x00000000009A6000-memory.dmp

Filesize
24KB

Download
memory/2400-74-0x00000000009A0000-0x00000000009A8000-memory.dmp

Filesize
32KB

Download
memory/2400-73-0x00000000009A0000-0x00000000009A6000-memory.dmp

Filesize
24KB

Download
memory/2400-72-0x00000000009A0000-0x00000000009AA000-memory.dmp

Filesize
40KB

Download
memory/2400-134-0x00000000008C0000-0x0000000000931000-memory.dmp

Filesize
452KB

Download
memory/2400-135-0x00000000025F0000-0x00000000026DE000-memory.dmp

Filesize
952KB

Download
memory/2400-136-0x00000000003D0000-0x00000000003EC000-memory.dmp

Filesize
112KB

Download
memory/2400-137-0x00000000026E0000-0x00000000027CF000-memory.dmp

Filesize
956KB

Download
memory/2400-138-0x0000000000940000-0x0000000000984000-memory.dmp

Filesize
272KB

Download
memory/2400-139-0x0000000002890000-0x000000000299B000-memory.dmp

Filesize
1.0MB

Download