0c8ec6b3108602dc7ec85538d47c2c26b17ade8cf73022eaf1852654fca3803a

Analysis

max time kernel
92s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 05:51

Target

avgcfgex.exe
Size

321KB
MD5

36142f4057158c4269a94594c68c9381
SHA1

d66a6d613b49315f64b2b0f9b67da3ab709f4e00
SHA256

1623b825289eb5a07b963ee9f3986a55b6b86f61b2e48f3f4312ff74aecb0cc5
SHA512

effbf0a2233f6eee5cde4f6ce16cef07ffdf7b3bb728b6fadcae085f158dfd5443d1baa84fcf208ff6726185b4058acd0cbd20be21303ae41b153378ec92e995
SSDEEP

6144:sWfFoL1IN96y/LgHiJ4Y+NiO8gLFDPMTJYhr64FgEHi:n6L1yMcioWNtLFPMdV4Fg9

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

avgcfgex.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avgcfgex.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	avgcfgex.exe

C:\Users\Admin\AppData\Local\Temp\avgcfgex.exe
"C:\Users\Admin\AppData\Local\Temp\avgcfgex.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4700

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact