d26141a8330a82efe86081cbde6e1c35c41f21bd6a39d0d37589a40f8aa78847

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

578cd31831588b88c33c2beb6d75b790N.exe
Size

9KB
MD5

578cd31831588b88c33c2beb6d75b790
SHA1

fe0f85f72707db6ea670038661b87fe4b32b0847
SHA256

d26141a8330a82efe86081cbde6e1c35c41f21bd6a39d0d37589a40f8aa78847
SHA512

8ba0e3a8f3a95bcbf39f0cadef9a0e1104257788f07fcc835298ebc39ed9bfda3fe0b47a0ecf993819be437ed18a8fb79079448f577a69af174aa1e565fc3844
SSDEEP

192:1lbpBr/K3/bxhcyUERcTuJ4ZLMkc2rge3mRWSUWJa:1l//K9aO4Fuc3mRWSUWJa

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	578cd31831588b88c33c2beb6d75b790N.exe

C:\Users\Admin\AppData\Local\Temp\578cd31831588b88c33c2beb6d75b790N.exe
"C:\Users\Admin\AppData\Local\Temp\578cd31831588b88c33c2beb6d75b790N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4784-0-0x0000000001000000-0x000000000100A000-memory.dmp

Filesize
40KB

Download
memory/4784-1-0x0000000001000000-0x000000000100A000-memory.dmp

Filesize
40KB

Download