365a7e6b041a733d992488fbd11d3a06ce19de1a94c11a16f5cc8f287b7c3011

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49630168d264eaf442a51ac629b22598afb6d9e127a7c2313f5fa13be41c95dc.exe
Size

482KB
MD5

ccab8be1b5d0ec4ede3ecb02a9551180
SHA1

f170b1ad7d2aaee7d81c820d5a9d20877b7cca9c
SHA256

49630168d264eaf442a51ac629b22598afb6d9e127a7c2313f5fa13be41c95dc
SHA512

c2861c1cd105a8682926671beb0b622ca8c536e6c94f96876c96aecd794aabaa15c01fedb3e66210246d15096836e2f1cecf878a336fa8029c9ac07c39f508e4
SSDEEP

6144:bTz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZmAX4cr2T4:bTlrYw1RUh3NFn+N5WfIQIjbs/Zm5T4

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	49630168d264eaf442a51ac629b22598afb6d9e127a7c2313f5fa13be41c95dc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2880	49630168d264eaf442a51ac629b22598afb6d9e127a7c2313f5fa13be41c95dc.exe

C:\Users\Admin\AppData\Local\Temp\49630168d264eaf442a51ac629b22598afb6d9e127a7c2313f5fa13be41c95dc.exe
"C:\Users\Admin\AppData\Local\Temp\49630168d264eaf442a51ac629b22598afb6d9e127a7c2313f5fa13be41c95dc.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\remcos\logs.dat

Filesize
144B

MD5
18d2db63a5b71f8414d10a119386a4b1

SHA1
354b9a8f4237b7149f122197ec64f518ffe1cfcc

SHA256
cc65c6f3de5f2c0a7bffebf2dca5de0e31072186ac3980c921dda69be2a88c4b

SHA512
226cb01354a41da316a93d49c0e918175063778a865d7c66ff5aefe76c37ef4b2fd6d4c3c03447a933d587e0d9f11007a1846998c9774e08ab6baf8bb2146e8b

Download Submit