2268a86783f07b3f2151f7f95512e5d269ed3198688e311829f67161c70a748c

Analysis

max time kernel
110s
max time network
101s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2268a86783f07b3f2151f7f95512e5d269ed3198688e311829f67161c70a748cN.exe
Size

139KB
MD5

97a43088bab38c790c31854c911e7ff0
SHA1

79faf90626eef343ccf2937c42954da7cdb34851
SHA256

2268a86783f07b3f2151f7f95512e5d269ed3198688e311829f67161c70a748c
SHA512

6e1a8a1251f55842be48abc374d3b8a5e45ecae1323b894c71836873c6b1cc9377d2316c6a7d891330d368114ca813049ae9bcee54e8fd589ad3454b41ccc222
SSDEEP

3072:hs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/n/Fnncr5:hDeM7iNEkgiOb31k1EC3Jq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2268a86783f07b3f2151f7f95512e5d269ed3198688e311829f67161c70a748cN.exe

C:\Users\Admin\AppData\Local\Temp\2268a86783f07b3f2151f7f95512e5d269ed3198688e311829f67161c70a748cN.exe
"C:\Users\Admin\AppData\Local\Temp\2268a86783f07b3f2151f7f95512e5d269ed3198688e311829f67161c70a748cN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-L4VjH1C1LvMWO4zH.exe

Filesize
139KB

MD5
7842adfaed7fbecc0bf3af609336cfbe

SHA1
07e30898d926a56e3e9930940c606d0a362713b4

SHA256
b3ab71803f4009ba9536e7be2c08f49a8eb0c54b39d749632a739e5f5757487c

SHA512
6c775aa428295962ebd0bb91a8ecf04df5089ad38a61c8fbbfc64c2c883d22ac2a7bec18ae8bb9362a39ed3856f44eda9acc9069cd939a0ec872b937d54b08a0

Download Submit
memory/280-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/280-7-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/280-14-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/280-21-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download