3a9e89373803e8e82655f102b5cf058f40939cfecc3d1025c46b4f2ed7ec890b

Analysis

max time kernel
140s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a9e89373803e8e82655f102b5cf058f40939cfecc3d1025c46b4f2ed7ec890b.exe
Size

28KB
MD5

293561e9b9ade0a6d348895b7419ccd4
SHA1

5573772bfa3b035f7995701278d8008a78a5f665
SHA256

3a9e89373803e8e82655f102b5cf058f40939cfecc3d1025c46b4f2ed7ec890b
SHA512

d713bc0f36bf748701adaab72d244dc736d39d7a2e43e065d6690dde93e2f4800f84f54d57a41a9cd9d7c7f183be1b33bcc1f72b919d145605a218260d2c6aaa
SSDEEP

384:ew2SWLeKa/4pKa1DLUYkAbEWpdU7Kp1WfKiojP/H2RFE5MXFPOMjULCbQKu0QWcz:e9GaQa1D3vp1qUjP/H2RFLPxU+bt34T

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\oobe\msoobe.err	3a9e89373803e8e82655f102b5cf058f40939cfecc3d1025c46b4f2ed7ec890b.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3a9e89373803e8e82655f102b5cf058f40939cfecc3d1025c46b4f2ed7ec890b.exe

C:\Users\Admin\AppData\Local\Temp\3a9e89373803e8e82655f102b5cf058f40939cfecc3d1025c46b4f2ed7ec890b.exe
"C:\Users\Admin\AppData\Local\Temp\3a9e89373803e8e82655f102b5cf058f40939cfecc3d1025c46b4f2ed7ec890b.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\oobe\msoobe.err

Filesize
1KB

MD5
9b29f276a5c1930a65d33856588e6497

SHA1
180fbb77dd4b5a8b99f61003eaf26885a4665603

SHA256
a08d060a0b546b4f59567f22e48d7e33c8f84fd9b1a9b7d4f79f08f4d90ff46f

SHA512
b8c71ccfdaf1e586ee2162e721a3eecab058a0f7997d2b54538c98daf202e7e2f2013c272ab21632706cd8b783081e76c99a8372f321f7b1b10e6f014466a115

Download Submit
memory/2028-0-0x0000000001000000-0x0000000001011200-memory.dmp

Filesize
68KB

Download
memory/2028-23-0x0000000001000000-0x0000000001011200-memory.dmp

Filesize
68KB

Download