ca3058246d101f76631ebcae62f8204e0de0c6457f692596e54734f12c56c6c5

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/09/2024, 22:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

IMRODedallesDOCFPGJRLTIPFCJENDOCyaue.exe
Size

113.8MB
MD5

1ae2d568f72d1a29f368227968dd824d
SHA1

86c55673838a66a7e2b3d08d5dc14a36762ba298
SHA256

c02d39e1be2b2ce7349f5589ad65980eddf2b7acc9987ea358f3c1f3fe402f4e
SHA512

b196bf03e58bb350da2301406dc237e43fc0dc51851d94731ea9cce241cdb37b427b69395efaf215b27e3955b016a5ce7345ce5349f7482afc5b81f0fee8c114
SSDEEP

49152:pmwY922IecwPY5PmSaanAZoS06UqCDeuHyx+sibOJ4cfdoe3N8W4eHfLo6SC9/HR:pmFE29W5naanTcjx+s6eEne/d9Ify

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IMRODedallesDOCFPGJRLTIPFCJENDOCyaue.exe

C:\Users\Admin\AppData\Local\Temp\IMRODedallesDOCFPGJRLTIPFCJENDOCyaue.exe
"C:\Users\Admin\AppData\Local\Temp\IMRODedallesDOCFPGJRLTIPFCJENDOCyaue.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2380-0-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2380-2-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2380-1-0x0000000001160000-0x0000000002160000-memory.dmp

Filesize
16.0MB

Download
memory/2380-3-0x0000000001160000-0x0000000002160000-memory.dmp

Filesize
16.0MB

Download