664555cf762648ba681ec342b9007d3d08a9c4e01754df5d350b81f6fb047585

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 10:53

Target

resources/elevate.exe
Size

117KB
MD5

feee36669aa8606db2385ba8cf040596
SHA1

1ebd53e4803bc2b528592c52454ad5d0d172a3d5
SHA256

11a9b32e214ac3b6cc4b1ba670e3ade69074e524ae7678377351b9b696e5cef3
SHA512

708fa3afc183e29e4e257dcd49a255f42723e45dbacea06b331cad712b8e592abf40376b332f01829beadedbce01fe533623fade04a97cb9ebd0b654f7d13230
SSDEEP

3072:VvbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlFBq:tPrwRhte1XsE1lC

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

elevate.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language elevate.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	elevate.exe

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2192

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact