8426fd32ca58e7c77d51f9ee9f13dd84e7ef07ee1fe028b55fde07de922e905b

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2024 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8426fd32ca58e7c77d51f9ee9f13dd84e7ef07ee1fe028b55fde07de922e905b.exe
Size

463KB
MD5

d5d45b4ae11b5ec2bb29cd7530b8e248
SHA1

7b40a7d7aa20c8517fc96796e81cf85a2d3a9158
SHA256

8426fd32ca58e7c77d51f9ee9f13dd84e7ef07ee1fe028b55fde07de922e905b
SHA512

dece00e04e85d329c261c2d294d1b63f755b9a751b540bb21f1d52eef52241a49173e021ea2d4db97097e009290945a13eee576f6aca9a684d5a1d34e3ca59c0
SSDEEP

6144:pOFBH/FMNjt18F+9a/NgAeDB4CcOtKp03b13a4LJ+sAOZZPWXbTcU7Lyg:pOFtiNBuFgawDB4NOmuwsfZPELyg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8426fd32ca58e7c77d51f9ee9f13dd84e7ef07ee1fe028b55fde07de922e905b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3064	8426fd32ca58e7c77d51f9ee9f13dd84e7ef07ee1fe028b55fde07de922e905b.exe

C:\Users\Admin\AppData\Local\Temp\8426fd32ca58e7c77d51f9ee9f13dd84e7ef07ee1fe028b55fde07de922e905b.exe
"C:\Users\Admin\AppData\Local\Temp\8426fd32ca58e7c77d51f9ee9f13dd84e7ef07ee1fe028b55fde07de922e905b.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GoogleAppUpdate\logs.dat

Filesize
144B

MD5
cd1c1c44117d79133a8cc36cc280100d

SHA1
22f9a1dc07acc48ce88e81844caeabaf58d42007

SHA256
0cf2fb9fa8489313d214b26e72210ed56b543f32d71a28c55fce9cb3ab7881c5

SHA512
f4436ea74fcb9848fc1e92aa2b968baaa7eb8c477459ff4c6dfabc1d7fb6fa3b112b55f2559717958259001c89f1de17ba64c7e60cef3374242d1fe442b0aa3d

Download Submit