b400646b418c7800cc0ee3088f4bc39b589acd5566d1135ef433c73b5a5c3d59

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 19:49

Target

GoogleUpdate.exe
Size

152KB
MD5

0bca3f16dd527b4150648ec1e36cb22a
SHA1

842ae39880c3c0bc501007b42949950c3d3b7ed3
SHA256

b60e92004d394d0b14a8953a2ba29951c79f2f8a6c94f495e3153dfbbef115b6
SHA512

516e1c9313aaf1d49223a3c06677bdbe5e4f9df392c12696a9eeb086634cf60c42a9c330e2d1095f1e6fdd1f16d2a6a13c9d28110155469159f0959897dff164
SSDEEP

3072:UAt2Sk2m5oyiTOZQvfSERdX9Zk8AtB+llojrWTMK12XdjWtVAlR8yVciqFltCT34:IxwjRsB+Fqo

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

GoogleUpdate.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GoogleUpdate.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe

C:\Users\Admin\AppData\Local\Temp\GoogleUpdate.exe
"C:\Users\Admin\AppData\Local\Temp\GoogleUpdate.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1288

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4680

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact