05d60ad470c2c0edcc6260f1356be56db4ebb9035127027be2d5726534557bec

Analysis

max time kernel
96s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 13:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

238cc9c88de4d0581b79a2f468573750N.exe
Size

468KB
MD5

238cc9c88de4d0581b79a2f468573750
SHA1

846442c3fcfe1c5f74089349c42276ca0e648533
SHA256

05d60ad470c2c0edcc6260f1356be56db4ebb9035127027be2d5726534557bec
SHA512

6d3a0717e4f868a3bacf5d7923859396778213cd600eb89e88fbbef3303ed2d37feb1e37ee49976b3f432b0ac85af9df1a864b3981470879e751d217a38acfbc
SSDEEP

3072:PT+rogldjf802bYk8zhj3Nr/k/ujVIpjmDHevVFZ2Q535Gw6K/lC:PT6oak0238dj3NP0bB2QBIw6K

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	238cc9c88de4d0581b79a2f468573750N.exe

C:\Users\Admin\AppData\Local\Temp\238cc9c88de4d0581b79a2f468573750N.exe
"C:\Users\Admin\AppData\Local\Temp\238cc9c88de4d0581b79a2f468573750N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3128-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3128-1-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download