dfa82ea5c34f490581d37e0ddf2ef680b8da0c9e274528e579fed910b2ff1e54

Analysis

max time kernel
140s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Project1.exe
Size

793KB
MD5

15ab695eabd288735a396226765f3bab
SHA1

eb27d5e1e95e65205a91665cb8fde0d81ee6993c
SHA256

dfa82ea5c34f490581d37e0ddf2ef680b8da0c9e274528e579fed910b2ff1e54
SHA512

7b7c9f20f92a166d6a713c458755dd30e4a19b03f93fc9806d8f6c39a5a75b8ec1588c1db9f1cef6b6f7c4991214ead7f5aabaa1f8664d3babf31f9eb49645c2
SSDEEP

12288:sK2HBjjYyHezflcz1KpTFv+7KB0R/nXBOH9hr2/e/MXD9XCw/MXD9X:bgdja6BKTv+73VY7dkXZ5kXZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Project1.exe

C:\Users\Admin\AppData\Local\Temp\Project1.exe
"C:\Users\Admin\AppData\Local\Temp\Project1.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/244-0-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/244-2-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/244-1-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download