ac94e0823a9df68992f0ae1840ec3d2c1fb118a861e55d6791273cadfe8d03e8

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac94e0823a9df68992f0ae1840ec3d2c1fb118a861e55d6791273cadfe8d03e8.exe
Size

1.1MB
MD5

f4de59f61d77085c61a8f55399d68548
SHA1

6bafcb4f6ecaceb37d01d301cb300ab38f0553c9
SHA256

ac94e0823a9df68992f0ae1840ec3d2c1fb118a861e55d6791273cadfe8d03e8
SHA512

0b085a98da4801745e5b8c36d22990004028b5dae1a2437d5eb4c453d0d9dce353987b6db975d4264670748a032c157519f04ac7ffeef31287fcb932d7c2470a
SSDEEP

24576:bTLmn7auipMt1DUMIk1C0zBddcLIiHXzz1:wauiv0zBkLIijz1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ac94e0823a9df68992f0ae1840ec3d2c1fb118a861e55d6791273cadfe8d03e8.exe

C:\Users\Admin\AppData\Local\Temp\ac94e0823a9df68992f0ae1840ec3d2c1fb118a861e55d6791273cadfe8d03e8.exe
"C:\Users\Admin\AppData\Local\Temp\ac94e0823a9df68992f0ae1840ec3d2c1fb118a861e55d6791273cadfe8d03e8.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2112-0-0x000000007485E000-0x000000007485F000-memory.dmp

Filesize
4KB

Download
memory/2112-1-0x0000000000850000-0x000000000096A000-memory.dmp

Filesize
1.1MB

Download
memory/2112-2-0x0000000074850000-0x0000000074F3E000-memory.dmp

Filesize
6.9MB

Download
memory/2112-3-0x0000000074850000-0x0000000074F3E000-memory.dmp

Filesize
6.9MB

Download