2fe1d5c69ca5dc1d6f10c624066bf3a087b4b2e892b8cbc13b4ca78b9eef5248

Analysis

max time kernel
92s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/09/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.exe
Size

381KB
MD5

04fdde5016318cd46820977617f0a310
SHA1

d41c352db4e950e1e2fc60a6449e8d1ec85f84bc
SHA256

cd37956e700204e4d2329efe091697bbdb8021de5a03af00e815cb1466a1a53a
SHA512

91931c4dac5a02a1c92e613edf9921fd896214250174659bfe249d320b88852bd8836dd0c7dc0999fbc2cc72fd93da49f2518b5e22d735743eb6aa15b4fb503e
SSDEEP

6144:see1x99I2WtGme74km+xSzHYMBR+g8zBUGw4we137jTvb1iZbIf/oYOPiqfsuy9:seOHWtGYk4HZz+5BO4n7jTvb05tzsubr

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.exe

C:\Users\Admin\AppData\Local\Temp\CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.exe
"C:\Users\Admin\AppData\Local\Temp\CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4112

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:72

C:\Users\Admin\AppData\Local\Temp\CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.exe
"C:\Users\Admin\AppData\Local\Temp\CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4500

C:\Users\Admin\AppData\Local\Temp\CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.exe
"C:\Users\Admin\AppData\Local\Temp\CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.exe"
1⤵
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Velopack.log

Filesize
620B

MD5
bb99c62dfedcd37774a536a2cf54187e

SHA1
20505a7c7ebbcbb59004bda1b57f0f4da7354010

SHA256
ef97790e2818b132f230b580bdb13d5fd3cb028742ba1f31bb0bbe5177a41f86

SHA512
a3a139a45e6170179d13c71451887102598818b89ee72ee3cca2986382f8f594d2ca15af46b118829cada734d94ca36fdcddd0d79810b123fc5f19a1411a6beb

Download Submit