847f0f5e71d536638fbd6c3141b0508c9f3ae1e1e4e9619ebc4e65b627a7c5d4

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 01:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

847f0f5e71d536638fbd6c3141b0508c9f3ae1e1e4e9619ebc4e65b627a7c5d4.exe
Size

482KB
MD5

0125adef6e9eed738ebac6e35c21c5ea
SHA1

ea37d0d7f4b5f9d8577ade5c1a2f9c6558c2ca2d
SHA256

847f0f5e71d536638fbd6c3141b0508c9f3ae1e1e4e9619ebc4e65b627a7c5d4
SHA512

49e6134cf459de8c9a778a511b03bd514b222c9c98849ffb1dffd315911eb095677ae4787132ec32a7cdaafffb68d44696ee2db55348c3c106b90a5a507549f7
SSDEEP

6144:STz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZBAXccrnT4:STlrYw1RUh3NFn+N5WfIQIjbs/ZBsT4

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	847f0f5e71d536638fbd6c3141b0508c9f3ae1e1e4e9619ebc4e65b627a7c5d4.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4308	847f0f5e71d536638fbd6c3141b0508c9f3ae1e1e4e9619ebc4e65b627a7c5d4.exe

C:\Users\Admin\AppData\Local\Temp\847f0f5e71d536638fbd6c3141b0508c9f3ae1e1e4e9619ebc4e65b627a7c5d4.exe
"C:\Users\Admin\AppData\Local\Temp\847f0f5e71d536638fbd6c3141b0508c9f3ae1e1e4e9619ebc4e65b627a7c5d4.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\media\logs.dat

Filesize
144B

MD5
a81b6e9d8f29c78f6d1f4f0ec3960cd0

SHA1
3bd97c2c1311d486fe3711b3c4f8d72addc3617f

SHA256
9bb5959ab651a7dcec7c88438e4acc23923174f93a5bee49cf18778705f8cd45

SHA512
5710bcc473cd4457af674001b122c2aca7b9d46f8ba7153e6c154d21e4c8ca975966f6fe6f9e5fe64f9935cb378a84154964ad8e69ab07849919299b1a067e0c

Download Submit