c350e7e362c9aa129cbd196275f5c262abf56e8f6160edd9e05134b8dc88e3b3

Resubmissions

19/09/2024, 17:29

240919-v21lrs1fjm 5

19/09/2024, 17:25

240919-vzcf6a1akh 5

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240903-it
resource tags

arch:x64arch:x86image:win7-20240903-itlocale:it-itos:windows7-x64systemwindows
submitted
19/09/2024, 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CheckSign.exe
Size

1.8MB
MD5

b77faa9434d719062d42528c880f221d
SHA1

bdcc371195535de9f92ab6072f33b9988f4c0ea6
SHA256

c350e7e362c9aa129cbd196275f5c262abf56e8f6160edd9e05134b8dc88e3b3
SHA512

3fa9156b3b5cb6838ac6e55af2c37bd9e497fd7552d07982a9795697e5726b4dc4e5ca4c41fcc38e525bc3040fa9b844b9e6bccf42774079cca32dcec9fc169d
SSDEEP

49152:BPVt/LZeJbInQRa0RWNRIcZ1TNmZy8xCvgqftC7FibqG0:RTYbInQyCAT4kfVtCgE

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheckSign.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe
2236	CheckSign.exe

C:\Users\Admin\AppData\Local\Temp\CheckSign.exe
"C:\Users\Admin\AppData\Local\Temp\CheckSign.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\docs.gif

Filesize
4KB

MD5
38cc6879f4d7508c6f2f5ade7940c389

SHA1
bc13cabdb2cce561de626b0b451a22fc4d04f48f

SHA256
31313fe2ef80a1853a6bda2eee5d587cf5cfae69fadf220674b1bb88eaaf95ec

SHA512
29a02eb9cf49cec0ff8c8293eae2c532811a974cd8b683c199bd1e62740555b6de53c0add050b699eff8227822accc2bb7fab6003708427ba064f4881f8026ae

Download Submit