d45db9793755cd156634a2f218a5b52598339064ae3ed104c9984b0cb2af3917

Analysis

max time kernel
117s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d45db9793755cd156634a2f218a5b52598339064ae3ed104c9984b0cb2af3917N.exe
Size

468KB
MD5

521d36f955f7941b25886be431000260
SHA1

0454c4793a8c5f150f39fd1e0b1699336d0b1b63
SHA256

d45db9793755cd156634a2f218a5b52598339064ae3ed104c9984b0cb2af3917
SHA512

a4ed9b2f72c8c24ad2182a583e6dc27f8c815d564d8009a645a3c37bc6113190fefaea10f88cf9a8eed924a53c0c3f6d6b0494f79d4cc210a0101f32587e5aa2
SSDEEP

3072:1KA4ogIdId5jtbYHPOtjLc8/52C4P3p5CmHek2quaesZ4cQ6B3tlI:1KLowbjtsPOjLcnZSZaegtpB3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d45db9793755cd156634a2f218a5b52598339064ae3ed104c9984b0cb2af3917N.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3844	d45db9793755cd156634a2f218a5b52598339064ae3ed104c9984b0cb2af3917N.exe

C:\Users\Admin\AppData\Local\Temp\d45db9793755cd156634a2f218a5b52598339064ae3ed104c9984b0cb2af3917N.exe
"C:\Users\Admin\AppData\Local\Temp\d45db9793755cd156634a2f218a5b52598339064ae3ed104c9984b0cb2af3917N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-41859exe

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
memory/3844-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3844-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download