152ccfeb1380caa694242e2d1a085212187491a8c978840ad7b3389bf89bf2bb

Analysis

max time kernel
72s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

152ccfeb1380caa694242e2d1a085212187491a8c978840ad7b3389bf89bf2bb.exe
Size

2.0MB
MD5

3f0ff9dc9885a6f7bb7e31b2e0ca0d71
SHA1

aedee0fa0029e7915acf867c81dc90314dcaac45
SHA256

152ccfeb1380caa694242e2d1a085212187491a8c978840ad7b3389bf89bf2bb
SHA512

31238420d78833d4ab12561c2a39ba3c0ce448d48cbd9ba8c6355e52f909f8fdea42354e429f0582470fa43410d2493e6bdce14e1704f17b97555bb97314ef1a
SSDEEP

49152:sVAbwKJZfirDD3z7rIfNIhwMyJYUJb1kT2:gAJjsDD3DQN4w9JYU/M2

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2984	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	152ccfeb1380caa694242e2d1a085212187491a8c978840ad7b3389bf89bf2bb.exe

C:\Users\Admin\AppData\Local\Temp\152ccfeb1380caa694242e2d1a085212187491a8c978840ad7b3389bf89bf2bb.exe
"C:\Users\Admin\AppData\Local\Temp\152ccfeb1380caa694242e2d1a085212187491a8c978840ad7b3389bf89bf2bb.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2424
- C:\Users\Admin\AppData\Local\Temp\7zS879E3CA7\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS879E3CA7\setup.exe
  2⤵
  - Executes dropped EXE
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS879E3CA7\setup.exe

Filesize
5.1MB

MD5
00f4da8f53fd86644a164ebfcf1fe357

SHA1
070450f81211cab4a9965bef26b0c666e34a8a9d

SHA256
9ec14b351477818405918c635bb6d8b3799b46b29fc389d513bd44a72a85dc20

SHA512
5c1b6a182b90483bc4cc6360481aac1789e9e0d660d1eaccec102ba73a18d948afa2ebc0abeb01cbceee7be0c305f4f9a1f8d3e22b437399bbcef4f287f9cbdd

Download Submit