c4438dceeb41bb94bcbe89ef19c44a2f27278bc5f120366188c68996fcd1cde4

Analysis

max time kernel
95s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a56b498b4960b2632f7dbdc2fec5d80N.exe
Size

133KB
MD5

7a56b498b4960b2632f7dbdc2fec5d80
SHA1

b6a0e7ac65caf8d7479975b9200c50cde739f2d9
SHA256

c4438dceeb41bb94bcbe89ef19c44a2f27278bc5f120366188c68996fcd1cde4
SHA512

1f3b58d79ab508b4625719933d44e3799aa43d397a3c41874802159958fb9abf6ad642059873de6ec6630ac505d3e8ef3aac25ee7813d078523f94a40b9426c7
SSDEEP

1536:/7ZQpApmi6n22U17tcj4asI9qfrSZlyzXOt/09srzH2oZdMNGo6q993n/:9QWpIn22iLIwuyKhr1nOX

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7a56b498b4960b2632f7dbdc2fec5d80N.exe

C:\Users\Admin\AppData\Local\Temp\7a56b498b4960b2632f7dbdc2fec5d80N.exe
"C:\Users\Admin\AppData\Local\Temp\7a56b498b4960b2632f7dbdc2fec5d80N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4744-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4744-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download