dda14413450a11f336a8305cf274943d614905c3429d4f0efeffe6bf4b8b7bdc

Analysis

max time kernel
129s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0468127a19daf4c7bc41015c5640fe1f.exe
Size

121KB
MD5

0468127a19daf4c7bc41015c5640fe1f
SHA1

133877dd043578a2e9cbe1a4bf60259894288afa
SHA256

dd1792bcdf560ebaa633f72de4037e78fe1ada5c8694b9d4879554aedc323ac9
SHA512

39cec4cdc9e2b02923513a3f1bc3ac086b0598df77c7029493a810dfbe40c946fa62905d1dcb80aba87c9e74677aac893108faa94e027c261aff7d388bbdcdfc
SSDEEP

3072:5HYBf8YzKw/MHfBTU3eiu0B/qIbmuvFT8whrQnFW:5HY70Bou0B/q6IOrQnFW

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0468127a19daf4c7bc41015c5640fe1f.exe

C:\Users\Admin\AppData\Local\Temp\0468127a19daf4c7bc41015c5640fe1f.exe
"C:\Users\Admin\AppData\Local\Temp\0468127a19daf4c7bc41015c5640fe1f.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2116-0-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download