5eb1f564892380deb16973f028be7f7c8a29b9aaf760ba1569d50733789226cf

Analysis

max time kernel
133s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.exe
Size

644KB
MD5

f483c828be7396037775c2bf7ec8cc91
SHA1

4f1687cfa6b1eeb81dec19cc91a1e19e5f26b87c
SHA256

5eb1f564892380deb16973f028be7f7c8a29b9aaf760ba1569d50733789226cf
SHA512

38f0cf8661133b05027928e3bbb6b2bf84583a791127c7ea2762c7a9c117036692ed25c0d234a1e2662bb99d25c2cbb9882b430b00ef3fb702ec3756e3b7c6ae
SSDEEP

12288:oTe26ndY/oTF48vvlPrwQ2VkihtK+xVRaEagWKMLE:oC20dlDwlVkiht7VY7fKMLE

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4544	1.exe
4544	1.exe

C:\Users\Admin\AppData\Local\Temp\1.exe
"C:\Users\Admin\AppData\Local\Temp\1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...