678ce97ba2389d80a1a795f6b86b3de412bc9200cf7fe454c806bc5c0582b2cf

Analysis

max time kernel
94s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CoopenAir.exe
Size

230KB
MD5

64d62868e3ada3265e8208b9344dad90
SHA1

6f65d13ab753f12945abf0db341f5c5571791332
SHA256

e80bf6fca7f10528b2cb0ab4e99eddc508070d98f107dc59622f61d0ad6d7671
SHA512

5a9a83260355fe0bbd3ed083baac9b766aa044edecc2fccc94a705a180156f47015e408981ede71d3992ad5be43e16c1c1c57785617870374774acfb44fe3e25
SSDEEP

3072:PVJB2QtGK1YSX5NcLaoHy0wKzohGpPPfpsbmiF6xGXxclT8ZNak47168l:7RGK1YSXENSezoUrGXLZN26E

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CoopenAir.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3224	CoopenAir.exe
3224	CoopenAir.exe

C:\Users\Admin\AppData\Local\Temp\CoopenAir.exe
"C:\Users\Admin\AppData\Local\Temp\CoopenAir.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads