54fc27864211f75a83460de5faea593fa6fcde0254020057287d5b35d8724a03

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

汇博计件工资(2005-03-16-16-02)/Setup.exe
Size

287KB
MD5

f0f4b169a55232dd0d14bbc045efee58
SHA1

742fb1d7695c32bef753cf400a28ec604e62ebea
SHA256

5bb8f3036303a9c05502f6d5d290d0cd9e732317beaa8df712ec231fcc9ede2f
SHA512

af20e74f6a1847d295390c6d0800b9b4c24fb04f140efa78c6ac9177971b391ce3dbfb8454db70d54871d244fa8bb75672a032de41dfe48cafbbc9f3ff1d77cb
SSDEEP

6144:2TcGDp9ZFFqufHGbYUHAbVyzFD/JRPZq73S/extxUhHBb5Avr:SpHAYUPLJRF/q2ev

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

C:\Users\Admin\AppData\Local\Temp\汇博计件工资(2005-03-16-16-02)\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\汇博计件工资(2005-03-16-16-02)\Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1704-0-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download