7be49ac5b097b10476ae16fa348dec7c372e1b6a1ca57966407cc01a5cad35f3

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CjccIjckPyeVrWf9LTyGH63rtEHCYLrdsK.exe
Size

1.8MB
MD5

edf5dbe2bba66b703b48abf6784d36be
SHA1

20721868d93c7d9a487cf8f343c9fd5d9ac6ca0b
SHA256

7be49ac5b097b10476ae16fa348dec7c372e1b6a1ca57966407cc01a5cad35f3
SHA512

a3b2d253db1b0c280a78be6fd2e43984289ca3769d33ba4098b2f5742bbad3f3951717e6e30ef35cc728e66ebc9cd27706c9b1cb5f8c9100360e9f6c6e6f1a5d
SSDEEP

24576:3G6kPkPUc6EsX/DLIQiZh3J3VaWxJxueRykyQPHajd:3pq/PiZh3J3VpVyZNd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CjccIjckPyeVrWf9LTyGH63rtEHCYLrdsK.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	CjccIjckPyeVrWf9LTyGH63rtEHCYLrdsK.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2732	OpenWith.exe
4660	OpenWith.exe
2248	OpenWith.exe
2820	OpenWith.exe
640	OpenWith.exe
5084	OpenWith.exe
1272	OpenWith.exe
1920	OpenWith.exe

C:\Users\Admin\AppData\Local\Temp\CjccIjckPyeVrWf9LTyGH63rtEHCYLrdsK.exe
"C:\Users\Admin\AppData\Local\Temp\CjccIjckPyeVrWf9LTyGH63rtEHCYLrdsK.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4620

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4660

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:640

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5084

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads