dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 05:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f.exe
Size

486KB
MD5

08131e0107ceef3162029403022316d2
SHA1

4c1ed679dfda6edf384f77a23b1dcac610c4cbc3
SHA256

dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f
SHA512

23868a2511777b07563deb7d5486af0eb3c77ec0521ba7d42489b8c2dab9c84ace86bfe4c3af2f76366cfcdd42c0e613172a2750280ad116324987c31ca4369a
SSDEEP

6144:7Tz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZZAXlcrLT43:7TlrYw1RUh3NFn+N5WfIQIjbs/ZZnT43

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4752	dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f.exe

C:\Users\Admin\AppData\Local\Temp\dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f.exe
"C:\Users\Admin\AppData\Local\Temp\dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\tmpdata\info.dat

Filesize
144B

MD5
c1d579f32ff08fa42d8a30aa401d5afa

SHA1
64b9d633752b5208f81870030618de193c1b3ee5

SHA256
8620bc96b822c183f3507b9af7cda5644bf6f24a546a447b36858cc1922542ff

SHA512
551b5e5cfc0e8cf0344b329f9c9aa24e442f78b24936459da9a0b6dbc725d1f44dd2a1aecea3079e7e1a148c2310b14973679f2d5deb1bfc789d9b609cf99d06

Download Submit