813a2467f5df112201d95b938ad269955c830e41657f48d0dd36217976fa0dd7

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

813a2467f5df112201d95b938ad269955c830e41657f48d0dd36217976fa0dd7.exe
Size

122KB
MD5

7814868becb19247d7a70b5457342391
SHA1

8df8d7763fa2d3e3002d492ac72a8e73bf1b5e6c
SHA256

813a2467f5df112201d95b938ad269955c830e41657f48d0dd36217976fa0dd7
SHA512

7dd557ca957fad2a19b09ec47cbfb5ea8395e839c1467ed02a6cf348ff845e4098ba96e67839d515121fabfac0eb476c9c04953093fec728c716edc49c05ec02
SSDEEP

1536:W7Z+pAp2nKLRKIKqo/2y2WEhNwNFkNXNFpiFu9Fy2XNgNFVNVNFomFaMFR01gz:6+Wp2naKIK1W+0JO2XKFbd0U

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	813a2467f5df112201d95b938ad269955c830e41657f48d0dd36217976fa0dd7.exe

C:\Users\Admin\AppData\Local\Temp\813a2467f5df112201d95b938ad269955c830e41657f48d0dd36217976fa0dd7.exe
"C:\Users\Admin\AppData\Local\Temp\813a2467f5df112201d95b938ad269955c830e41657f48d0dd36217976fa0dd7.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...