a8546b010534de1b6a929e5c888223b238476a151c8bba0a3a0fee38eef824b9

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

埃文手机电子书制作器 V2.0 特别版IBookMaker2.0/Start.exe
Size

260KB
MD5

566ce1455bab66b74ef327e69707bb62
SHA1

997aca0fd2be53a295466374c6ae13fdbc1bbf82
SHA256

86b11d18ae0441cd32b07ae1717bece8b6ab795e9ab9461af701ae47811fbc97
SHA512

44ace1b2c231088ce8d0fabd92ca4df7bbb111805165c368095576e457e68114274bb9ef4ce8d5664d5d37b5b3c588307e97e13aad66e7d03a67d42817ca5f84
SSDEEP

3072:Mzpf1LsbDKKtmL2NhHzxO4GopUeNGomLFaUDJvIzr5nhWGU5EwpOcHGKPko7K7+x:M9S/mL2VOtopUr2pFU5EwpOcHGKK+0h

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Start.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3044	Start.exe
3044	Start.exe

C:\Users\Admin\AppData\Local\Temp\埃文手机电子书制作器 V2.0 特别版IBookMaker2.0\Start.exe
"C:\Users\Admin\AppData\Local\Temp\埃文手机电子书制作器 V2.0 特别版IBookMaker2.0\Start.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3044-0-0x0000000000230000-0x0000000000262000-memory.dmp

Filesize
200KB

Download
memory/3044-1-0x0000000000230000-0x0000000000262000-memory.dmp

Filesize
200KB

Download