94c1ff5c8d0793ca65492a4bfe47ba1731fea45c22d47abaddba892f091d3bad

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 21:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8fdeef055f2cf355eec4e9ca901ab810N.exe
Size

77KB
MD5

8fdeef055f2cf355eec4e9ca901ab810
SHA1

2e6d85bedf11e9ad2aeb4f16e39e9834a9b07d9e
SHA256

94c1ff5c8d0793ca65492a4bfe47ba1731fea45c22d47abaddba892f091d3bad
SHA512

b25938946daca51b1eb6e9fef644900e72860bd4ffa1d67db338eaa01ac1859edcf7ce06772ef9a4d77b0e3be4f617f42ee1bdf564a903a85e86d0a02bc98487
SSDEEP

384:yBs7Br5xjL8AgA71FbhvJUfWGUfpa4ma4LGXnlGXnlYAE7/EQFsK3KGL+cnr:/7BlpQpARFbhiWbWYqY8KawB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8fdeef055f2cf355eec4e9ca901ab810N.exe

C:\Users\Admin\AppData\Local\Temp\8fdeef055f2cf355eec4e9ca901ab810N.exe
"C:\Users\Admin\AppData\Local\Temp\8fdeef055f2cf355eec4e9ca901ab810N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4824-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4824-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download