2db44b086d860c51a4f45f43a739cd20fb0822189deb1c1cf13e4b5a3b05bc3b

Analysis

max time kernel
144s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/09/2024, 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bin/resolver.exe
Size

231KB
MD5

171c5648c202687345e5772f03c085c1
SHA1

f5b00c66c54d9fbeab4cb9d1a2c1e97bbe0e84b1
SHA256

3f88aaf4970547f2b93bec480c0bf375b8ec815a4f408fd146e08ca0b971f0b5
SHA512

3d200caa6cc8a93d570b576240fccdffff3d4b73f3b0e9c5e445e44e149f5fe4302a2bcfe762bbc2c53669acdefd5c3c8aefebf098f9942343af1ac62f4a2649
SSDEEP

3072:4Q41FKJnkgkOytb3Mi5eT+ORw+8kd4v6Ra3d/2rmgP0+c:451QJnaOW5e+ORck66Ra3durmJ+c

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	resolver.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1864	resolver.exe

C:\Users\Admin\AppData\Local\Temp\bin\resolver.exe
"C:\Users\Admin\AppData\Local\Temp\bin\resolver.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1864-4-0x00000000024A0000-0x00000000024B4000-memory.dmp

Filesize
80KB

Download
memory/1864-3-0x00000000017C0000-0x0000000001E2E000-memory.dmp

Filesize
6.4MB

Download
memory/1864-9-0x000000006C440000-0x000000006C489000-memory.dmp

Filesize
292KB

Download
memory/1864-13-0x000000006BAC0000-0x000000006BB85000-memory.dmp

Filesize
788KB

Download
memory/1864-15-0x0000000066941000-0x0000000066C92000-memory.dmp

Filesize
3.3MB

Download
memory/1864-20-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1864-21-0x0000000066940000-0x0000000066F73000-memory.dmp

Filesize
6.2MB

Download
memory/1864-19-0x0000000066240000-0x00000000662AD000-memory.dmp

Filesize
436KB

Download
memory/1864-18-0x0000000062F40000-0x0000000062F88000-memory.dmp

Filesize
288KB

Download
memory/1864-17-0x0000000001640000-0x00000000017BA000-memory.dmp

Filesize
1.5MB

Download
memory/1864-14-0x00000000017C0000-0x0000000001E2E000-memory.dmp

Filesize
6.4MB

Download
memory/1864-12-0x0000000063B80000-0x0000000063BAE000-memory.dmp

Filesize
184KB

Download
memory/1864-22-0x0000000066940000-0x0000000066F73000-memory.dmp

Filesize
6.2MB

Download
memory/1864-10-0x0000000000EF0000-0x0000000001634000-memory.dmp

Filesize
7.3MB

Download
memory/1864-8-0x00000000615C0000-0x000000006160A000-memory.dmp

Filesize
296KB

Download
memory/1864-23-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1864-30-0x00000000615C0000-0x000000006160A000-memory.dmp

Filesize
296KB

Download
memory/1864-49-0x0000000066940000-0x0000000066F73000-memory.dmp

Filesize
6.2MB

Download
memory/1864-55-0x000000006DEC0000-0x000000006DFE9000-memory.dmp

Filesize
1.2MB

Download
memory/1864-57-0x0000000070EC1000-0x0000000070EE4000-memory.dmp

Filesize
140KB

Download
memory/1864-58-0x0000000000401000-0x0000000000417000-memory.dmp

Filesize
88KB

Download
memory/1864-56-0x0000000062F41000-0x0000000062F69000-memory.dmp

Filesize
160KB

Download
memory/1864-54-0x0000000068D40000-0x0000000068D87000-memory.dmp

Filesize
284KB

Download
memory/1864-53-0x00000000024C0000-0x00000000025BE000-memory.dmp

Filesize
1016KB

Download
memory/1864-52-0x00000000024A0000-0x00000000024B4000-memory.dmp

Filesize
80KB

Download
memory/1864-50-0x0000000001640000-0x00000000017BA000-memory.dmp

Filesize
1.5MB

Download
memory/1864-48-0x0000000000EF0000-0x0000000001634000-memory.dmp

Filesize
7.3MB

Download
memory/1864-51-0x00000000017C0000-0x0000000001E2E000-memory.dmp

Filesize
6.4MB

Download
memory/1864-47-0x0000000061EC0000-0x0000000061EE1000-memory.dmp

Filesize
132KB

Download
memory/1864-46-0x0000000063940000-0x0000000063974000-memory.dmp

Filesize
208KB

Download
memory/1864-45-0x000000006B480000-0x000000006B4BF000-memory.dmp

Filesize
252KB

Download
memory/1864-44-0x0000000065A80000-0x0000000065AAA000-memory.dmp

Filesize
168KB

Download
memory/1864-43-0x0000000065140000-0x00000000652A3000-memory.dmp

Filesize
1.4MB

Download
memory/1864-42-0x000000006F480000-0x000000006F4EC000-memory.dmp

Filesize
432KB

Download
memory/1864-41-0x0000000062780000-0x00000000627DD000-memory.dmp

Filesize
372KB

Download
memory/1864-39-0x0000000062F40000-0x0000000062F88000-memory.dmp

Filesize
288KB

Download
memory/1864-38-0x0000000063B80000-0x0000000063BAE000-memory.dmp

Filesize
184KB

Download
memory/1864-37-0x000000006C440000-0x000000006C489000-memory.dmp

Filesize
292KB

Download
memory/1864-36-0x000000006EB40000-0x000000006EB64000-memory.dmp

Filesize
144KB

Download
memory/1864-35-0x000000006DB80000-0x000000006DBDC000-memory.dmp

Filesize
368KB

Download
memory/1864-34-0x0000000065840000-0x00000000658A3000-memory.dmp

Filesize
396KB

Download
memory/1864-33-0x000000006BAC0000-0x000000006BB85000-memory.dmp

Filesize
788KB

Download
memory/1864-32-0x000000006DC40000-0x000000006DCC1000-memory.dmp

Filesize
516KB

Download
memory/1864-31-0x000000006B200000-0x000000006B276000-memory.dmp

Filesize
472KB

Download
memory/1864-29-0x0000000068E00000-0x0000000068E60000-memory.dmp

Filesize
384KB

Download
memory/1864-28-0x0000000063080000-0x00000000630A8000-memory.dmp

Filesize
160KB

Download
memory/1864-27-0x0000000066240000-0x00000000662AD000-memory.dmp

Filesize
436KB

Download
memory/1864-26-0x0000000064AC0000-0x0000000064C4E000-memory.dmp

Filesize
1.6MB

Download
memory/1864-25-0x000000006E340000-0x000000006E393000-memory.dmp

Filesize
332KB

Download
memory/1864-40-0x000000006FE40000-0x0000000070008000-memory.dmp

Filesize
1.8MB

Download
memory/1864-24-0x0000000066940000-0x0000000066F73000-memory.dmp

Filesize
6.2MB

Download
memory/1864-2-0x0000000000EF0000-0x0000000001634000-memory.dmp

Filesize
7.3MB

Download
memory/1864-5-0x00000000024C0000-0x00000000025BE000-memory.dmp

Filesize
1016KB

Download
memory/1864-0-0x0000000001640000-0x00000000017BA000-memory.dmp

Filesize
1.5MB

Download