e00b8b2b7c0d063820ad1d6b29cb7fa3d4c85c53dd53040bda11d8190835eb8f

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Skins/Windows 11 Start Menu/@Resources/Application/RunAndHide.exe
Size

419KB
MD5

2edecfdc3820dc278c16b7b97b07f125
SHA1

c06c854a1178bf95017d78115598ef4402ea30f0
SHA256

4a179beb18b5191529c2bb3fc2b5ccceafcd61e21c78f92a5c1bff094a948558
SHA512

458cb1b361568fcdefa65ccc0ef2944b6dd36654f5f11ab95316629bd41a8be28a4fdd06327275420bdd53183d9fbb5cfcd167b67041be6ebd5ea7a6c304b2b4
SSDEEP

12288:wNIQAPGsAqY9IMVYd38sJdpQHlGlY8KfTJ:5PGSY91VwNJcFMqTJ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RunAndHide.exe

C:\Users\Admin\AppData\Local\Temp\Skins\Windows 11 Start Menu\@Resources\Application\RunAndHide.exe
"C:\Users\Admin\AppData\Local\Temp\Skins\Windows 11 Start Menu\@Resources\Application\RunAndHide.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads