b59e47185b0117f52ccc47d3f4dda78177f59e6f572439812afeb034719d82d5

Analysis

max time kernel
140s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

warmap-1.21.exe
Size

455KB
MD5

8b30747fc3e51819737fe5c2379b2adc
SHA1

68e4dd589a4b82a567bab65c592488b58aec1c8d
SHA256

a97a99aacef399229e99e18bb3ac903e3f4e26f5dbc0144a25be2648ff407441
SHA512

3c343a7754a47b8cecfdd0951a90c01a345b33e6de9c5b2e9b82477a907761687cf7c8c480f56ae3cb0ceeaf42468f863876eda80417a96afc136cb885e3e313
SSDEEP

12288:Mlx1yqnFl6y/Yr4fmL356ku9Ywksd5XlYjy8G/l:M8MF4uYCmFCYe1YjDc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	warmap-1.21.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3760	warmap-1.21.exe
3760	warmap-1.21.exe
3760	warmap-1.21.exe

C:\Users\Admin\AppData\Local\Temp\warmap-1.21.exe
"C:\Users\Admin\AppData\Local\Temp\warmap-1.21.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\perfectwhistler2.ini

Filesize
4KB

MD5
4329401dfd004a1efe493b93dd669c26

SHA1
d360e169e9dd8f8c76caf4f75e9319498cc67d4d

SHA256
26a377e2a749dcdd214e5c1c95cb460ffd3542eb52e0dee524b8ea548c3ac565

SHA512
d6229c1f10a5837fa8db2f0e7e7c88863ea9f00d0ddbc4e713d8d9c370c95e04703a06625637f0f3519c58fe3909d0ab9436fb8c361f535a6b5f9f63a74d220d

Download Submit
memory/3760-0-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/3760-1-0x0000000000710000-0x0000000000712000-memory.dmp

Filesize
8KB

Download
memory/3760-2-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/3760-342-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/3760-343-0x0000000000710000-0x0000000000712000-memory.dmp

Filesize
8KB

Download
memory/3760-344-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/3760-345-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download