398b8c89a39caed6d587330ee01fc0b6504dd8b3e278d983361bf8b5b4ca2fac

Analysis

max time kernel
119s
max time network
91s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

398b8c89a39caed6d587330ee01fc0b6504dd8b3e278d983361bf8b5b4ca2facN.exe
Size

139KB
MD5

da37191710cb12195263c628fe966c90
SHA1

ef5d25bba9877e87212fd3dc370b868fa3b1689a
SHA256

398b8c89a39caed6d587330ee01fc0b6504dd8b3e278d983361bf8b5b4ca2fac
SHA512

9e1a9a885ea3584960b0f18081c8fed1c76dc4f396b239189fd4dba56c3eec90e1f3d9292a9703fee3b3ef8edfb8e45a50bd377a5c4c4dccf8b3fcd23d64656e
SSDEEP

3072:hs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/+/Fnncrd5971c:hDeM7iNEkgiOb31k1ECQJy5J

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	398b8c89a39caed6d587330ee01fc0b6504dd8b3e278d983361bf8b5b4ca2facN.exe

C:\Users\Admin\AppData\Local\Temp\398b8c89a39caed6d587330ee01fc0b6504dd8b3e278d983361bf8b5b4ca2facN.exe
"C:\Users\Admin\AppData\Local\Temp\398b8c89a39caed6d587330ee01fc0b6504dd8b3e278d983361bf8b5b4ca2facN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-IvwtAOCS83UgJzug.exe

Filesize
139KB

MD5
66220382ee6968fff0d53e48704e3ac4

SHA1
ae4b11743acce30abc8721c6bafb53e215221b6d

SHA256
4231ed6b3c702b80f3b188fbf6646864ba633e6a355a52a2deead2f4e38969e2

SHA512
0004ca7da488365a927af1bab3cab4f0a6064d19f0f4cba2111dca0ff4e2982118ed4bf6656df3342b71b866b2c56fa444c6e9fb0dcaf00571484b9015009b9f

Download Submit
memory/2552-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2552-4-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2552-11-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2552-21-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download