4fb17ba8b6943800a972385c7fde7e8e45fc4b1a6b6edfb0dcdad3671243f480

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 05:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

temp/modules/netdict.exe
Size

2.0MB
MD5

7a0691b3541522327c9c0fcdac0acd37
SHA1

4c20861ec41b96b568e0d9256735d27e4bf3236a
SHA256

501c4258839ef9c9baf8d5f5e1eceb321ac5b403e99430352736e96c9248243c
SHA512

fa7517064f519e19f79db9184dae342e095c8f962f1bf3445aacf95de5dbfb7ce8e408553d6b5813698a9ba30d52860b0ffea8d8201f8abec398b3cacbb55952
SSDEEP

24576:8/xEbl2ZH/3Df2fVNR+z32S9Wyss8TuXaKdxh3CM9YmrPVaEQb2YMhZNlEnb90lC:8/xmYZfDf/rwyrqKsM9FZezjTkb38

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netdict.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2060	netdict.exe
2060	netdict.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2060	netdict.exe
2060	netdict.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2060	netdict.exe
2060	netdict.exe
2060	netdict.exe
2060	netdict.exe
2060	netdict.exe

C:\Users\Admin\AppData\Local\Temp\temp\modules\netdict.exe
"C:\Users\Admin\AppData\Local\Temp\temp\modules\netdict.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\temp\modules\KwData\NetDict\user.ini

Filesize
76B

MD5
c243fe033def5b2f99046deff8d6a4f5

SHA1
b71285824c30c838061571501e36b6ced9521887

SHA256
56980010d53aee7e392fcb3fdfbf9e90150ed0a3b2154f5f11a8533435eec2f1

SHA512
87934eb77f2b1a7e62468c3f9128bc46059683555024ead5ee51e6e47f180b0e14fb5e2fb1c1354dc529bcc1e0ad92afc2fcf4262c6b526740005a53011661bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp\modules\KwData\NetDict\user.ini

Filesize
90B

MD5
23da6dc3e789726e960b3a3f16acd86e

SHA1
556e77038dfd7a39f447da150831948d245764ee

SHA256
fc9025051d078124c83414565922e9566529c243abde92dbadeb1fa43e7282e0

SHA512
fa64f4d78518fb750726b718aafdd16134956a9aa09d90290cb2d21934b1c49abaeb344f571cc2ce1357baaaa6d6037ae4ccd23c075580cfcaf23450c0d58182

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp\modules\KwData\NetDict\user.ini

Filesize
41B

MD5
b07dfff4f279fbaaa85b934423dc4cc6

SHA1
91347705dba5469c7caa21b2da7034e774ee2b61

SHA256
24f7d775cfba1c31c80c4ea2eadcd133bb09e6f542a571e669af6ba3dcffacda

SHA512
06c3350b30f65ebd09c4c8b499f4341c30d81fcdd6952c8bc600e2c103799cb1174a9394306ff9824fabb0450111f88f6c682eaf3bdffd4d1da36e48f5b12efa

Download Submit