c34cba61ad03fcba3e9193e95df772fb5438d2ab137ce6e39d0d850aa2db3cee

Resubmissions

21-09-2024 23:11

240921-26gssazarq 3

21-09-2024 23:08

240921-24ycrazakc 3

Analysis

max time kernel
11s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xattacks.exe
Size

8KB
MD5

2fdec03ce7fdb4535e239bca08372962
SHA1

ddd29bc0392898f3cfe9e3272473e4994c04d472
SHA256

c34cba61ad03fcba3e9193e95df772fb5438d2ab137ce6e39d0d850aa2db3cee
SHA512

cef9df3f04e564d47230b21698b7406e4c27ac92ec915993ceb425e1a3f56687556c2c1ce1f5372226c4f192047dfc496d15aab1f46e4f4154f2260355f004ed
SSDEEP

96:7LP1HOuBhIGCbfBfbmBoEvLNn+95oHN5B9Mb1EBl9S89z3+3qIzwyUyfDgRmjGW1:fPYGLNn+9gN+1Ez8853sqIsmTjZVfmO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xattacks.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
460	Xattacks.exe

C:\Users\Admin\AppData\Local\Temp\Xattacks.exe
"C:\Users\Admin\AppData\Local\Temp\Xattacks.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/460-0-0x000000007491E000-0x000000007491F000-memory.dmp

Filesize
4KB

Download
memory/460-1-0x00000000009E0000-0x00000000009E8000-memory.dmp

Filesize
32KB

Download
memory/460-2-0x0000000005810000-0x0000000005DB4000-memory.dmp

Filesize
5.6MB

Download
memory/460-3-0x0000000005300000-0x0000000005392000-memory.dmp

Filesize
584KB

Download
memory/460-5-0x0000000074910000-0x00000000750C0000-memory.dmp

Filesize
7.7MB

Download
memory/460-4-0x00000000052C0000-0x00000000052CA000-memory.dmp

Filesize
40KB

Download
memory/460-7-0x0000000074910000-0x00000000750C0000-memory.dmp

Filesize
7.7MB

Download