6193b798be17fe58f45ace373e26fa5a41e50881dc021d35b4f0f6877f2801aa

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xwbf-v0.3.exe
Size

52KB
MD5

6be617b056e7cf4582f0d854cca74c5b
SHA1

0dd36f713426ff39d8ca5463d2ae4fb2723818e5
SHA256

b233de9773d11236d37e4789ff2e4dff18d68ea08a523745d712bc8f2a01723b
SHA512

9c12183c267cd58156ac6f79e8d30a39a629df990ed44b585d1cd1df5019694dc1677832feb31dcaa71785a10a7f426ba947456d6bab31337d370557f1d6466d
SSDEEP

384:SCOsorgc/Z3pUquxlenbtnpzgl9np2zTbCStMK1HaFnCkQy1SkY1BT4ga+stD6+H:p7/lebtn88bC7e3RqwTOVe+lv

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xwbf-v0.3.exe

C:\Users\Admin\AppData\Local\Temp\xwbf-v0.3.exe
"C:\Users\Admin\AppData\Local\Temp\xwbf-v0.3.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads