818d03cd6f348268d6609954eb3b4f9cd3ddc5e16165cacbb8fd416feb2d3d1c

Analysis

max time kernel
90s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 02:49

Target

resources/elevate.exe
Size

114KB
MD5

da2393135ecaaf42ca963f6823b76b3a
SHA1

da9923620a06f79db447ee00374682eeea55e267
SHA256

c0647826e2acd22951ce7ce1d7df9ac460948909520771140f629639df378421
SHA512

4826d6274641423a8851ec5e30963f19e7c8a6322b82e95219340601befd43e102ae4d89794d11f533f5d9bb36118f111ca8d2fbf5fafec4abcc86ed7effa7b1
SSDEEP

3072:AbbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlomO0:yPrwRhte1XsE1lb

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

elevate.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language elevate.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	elevate.exe

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1468

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact