dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f

Analysis

max time kernel
147s
max time network
142s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 05:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f.exe
Size

486KB
MD5

08131e0107ceef3162029403022316d2
SHA1

4c1ed679dfda6edf384f77a23b1dcac610c4cbc3
SHA256

dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f
SHA512

23868a2511777b07563deb7d5486af0eb3c77ec0521ba7d42489b8c2dab9c84ace86bfe4c3af2f76366cfcdd42c0e613172a2750280ad116324987c31ca4369a
SSDEEP

6144:7Tz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZZAXlcrLT43:7TlrYw1RUh3NFn+N5WfIQIjbs/ZZnT43

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2372	dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f.exe

C:\Users\Admin\AppData\Local\Temp\dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f.exe
"C:\Users\Admin\AppData\Local\Temp\dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\tmpdata\info.dat

Filesize
144B

MD5
e30980484e1e4f8488a18773b85e35da

SHA1
a3512ef3ea2bba4bb25a0fe51100001150663bef

SHA256
6446545288ae069749525641005a3749113bca499d21a92192990b30759667a4

SHA512
09c9d2c6ec8a8570c34e627241135cf8dbff158854591b7fbf1809888c7186781d6dad84168328c5220e7523b503b0634e916267aab45b67bce6794e51f6d379

Download Submit