11f9b3d64028461862a72bb0353e70653825c4bb34d56f37600c1c5abcfea7b8

Analysis

max time kernel
94s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11f9b3d64028461862a72bb0353e70653825c4bb34d56f37600c1c5abcfea7b8.exe
Size

468KB
MD5

255804ad5b601b64cb04e80ee47229a4
SHA1

c17bcec91fab562ad688f919515620b2abb655fc
SHA256

11f9b3d64028461862a72bb0353e70653825c4bb34d56f37600c1c5abcfea7b8
SHA512

1ccf5f7a2f152fba4ae3a6c4b50a98917bbfdf4b8db92f2d117e68d8987e645bf0489da77ab4fbe053aba62804c51f89499305328e860753b1514ff0fd213a15
SSDEEP

3072:pO0sogKEIV5jtbY94Acd4f8w4ChHSppLJEHCxVWaQjZLK5qugulB:pO/oLjjtS4dd4fsfxVQj1qqug

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4576	3344	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11f9b3d64028461862a72bb0353e70653825c4bb34d56f37600c1c5abcfea7b8.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3344	11f9b3d64028461862a72bb0353e70653825c4bb34d56f37600c1c5abcfea7b8.exe

C:\Users\Admin\AppData\Local\Temp\11f9b3d64028461862a72bb0353e70653825c4bb34d56f37600c1c5abcfea7b8.exe
"C:\Users\Admin\AppData\Local\Temp\11f9b3d64028461862a72bb0353e70653825c4bb34d56f37600c1c5abcfea7b8.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3344
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 468
  2⤵
  - Program crash
  PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3344 -ip 3344
1⤵
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads