Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system -
submitted
27-09-2024 18:00
Behavioral task
behavioral1
Sample
5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83.exe
Resource
win10v2004-20240802-en
General
-
Target
5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83.exe
-
Size
14KB
-
MD5
cc801055c454f393abfd2711a6b92674
-
SHA1
d5d77612b2f36c34e60a527b7d9d8032533ef17a
-
SHA256
5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83
-
SHA512
352c72dd0274ce4e61804d14e86593cba4847584860f4adc5e57d94939403889bfb97748c36b50b9d7a74ff0960007cc1cd4c480fde7e61ee2b2960963599656
-
SSDEEP
192:c+8C+EKS0O9ejYTDG8bcp4LltGnieXubWyD9JEBkGxVXkqoN/JoRJc:cNVjYTDG8gpIleXTyD3EnxroNRP
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83.exe
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83.exe
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83.exe
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0 | 5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83.exe
"C:\Users\Admin\AppData\Local\Temp\5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83.exe"
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:4192