ab3dfe358ec86241aaca5885a9b585872da03b048cc0633a0165e44a84728355

Analysis

max time kernel
103s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4268dd3f4f0f30ddd1d896b5da46fd0N.exe
Size

902KB
MD5

a4268dd3f4f0f30ddd1d896b5da46fd0
SHA1

8de15eb54c638ca4276c24ea9ea2bd2d86229111
SHA256

ab3dfe358ec86241aaca5885a9b585872da03b048cc0633a0165e44a84728355
SHA512

de15ea0ff122ec8cc14fc425455d800a9d67921528ee2594c53fa833b2570d97fcca318557af42b848bed9819af9010199313aaa0d178403d4e8c6df653a200e
SSDEEP

12288:bIDw8a9eXpwZcEXGeyzWq7CjRm8Rm/DmYPfOA2HsKl/Wh3JTKw2oDnmcUhCb27t3:bH8aQAcwGeyzXwUHrmmGhITvK7CZOd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a4268dd3f4f0f30ddd1d896b5da46fd0N.exe

C:\Users\Admin\AppData\Local\Temp\a4268dd3f4f0f30ddd1d896b5da46fd0N.exe
"C:\Users\Admin\AppData\Local\Temp\a4268dd3f4f0f30ddd1d896b5da46fd0N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...