d341d8f5894e643c82eb27dbdf85b06f0cbfeae8567f57d2be1b01b1f9d46e00

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 20:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

573690bdcf2c1bdfea969924ab85aa80N.exe
Size

43KB
MD5

573690bdcf2c1bdfea969924ab85aa80
SHA1

94572c68c6916f43e1231a4ae583ddd6b8aab2d7
SHA256

d341d8f5894e643c82eb27dbdf85b06f0cbfeae8567f57d2be1b01b1f9d46e00
SHA512

3e3a703333de33a17c995de6585c1ce98854d7764f8adc4806b5f91c8ad23c8172a8a1864cb76e2718cd1487f49a63764366dd08e7884d39e9741be75d2ee13f
SSDEEP

768:vV7M7iR2QK2eP6hGIqi06LeChWg8lFBAWszYioRo6lqHNVJ:viiYfixKg8F7xoC+J

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	573690bdcf2c1bdfea969924ab85aa80N.exe

C:\Users\Admin\AppData\Local\Temp\573690bdcf2c1bdfea969924ab85aa80N.exe
"C:\Users\Admin\AppData\Local\Temp\573690bdcf2c1bdfea969924ab85aa80N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1600-1-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download