6291dd55a99017f3283a31f41538ba93e0dbb174bb4af618d0d2b124b393b88f

Analysis

max time kernel
29s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
Size

3.1MB
MD5

2a8112a6f48bd41a7cf4c3a6c4cf42a0
SHA1

20a5e55ea7292e01d98146562931fdb8269e9acb
SHA256

6291dd55a99017f3283a31f41538ba93e0dbb174bb4af618d0d2b124b393b88f
SHA512

78d04b9871582256ef454c942aaafb8e57e7cb194f3f3b20fad5315c4ec7437c2a50e690278b3c9d05aaa2dd4d0a3e312e74fc7b2385332463537e6cb7131b28
SSDEEP

98304:G2cPK8SzPp4NE88c2TnCIII9rWecF7AbGCHQ6Z:pCKVEE88c2rIKWe9wC

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe

Suspicious use of FindShellTrayWindow 12 IoCs

pid	Process
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
1884	2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe

C:\Users\Admin\AppData\Local\Temp\2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe
"C:\Users\Admin\AppData\Local\Temp\2a8112a6f48bd41a7cf4c3a6c4cf42a0N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...