07864a36094fdb51d595bc3e42bce8429054de6c820f8c9dcfe1820c0fd1f8ff

Analysis

max time kernel
133s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 14:07

Target

07864a36094fdb51d595bc3e42bce8429054de6c820f8c9dcfe1820c0fd1f8ff.exe
Size

184KB
MD5

d3b47fb3dd8b1c832901282b2d95a83b
SHA1

84d0afe2d8b7efd5f06eab1ac26d2bc9e25f9c38
SHA256

07864a36094fdb51d595bc3e42bce8429054de6c820f8c9dcfe1820c0fd1f8ff
SHA512

2935d159c796b792bc3b8a7931ed455edd32fab61e1064ae3723c2b3ffb9bb57224326820688be4f5260dfc9197205a9c67eed62a8ad40d9c1bea3c1b4436eb8
SSDEEP

3072:ZWuMAFr09pzIaMn3UhKrpkWOJrOQqLrR+N2epJqL7MlSXn:KuJ13UhYJCrOzLA2cqslSX

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	07864a36094fdb51d595bc3e42bce8429054de6c820f8c9dcfe1820c0fd1f8ff.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2872	07864a36094fdb51d595bc3e42bce8429054de6c820f8c9dcfe1820c0fd1f8ff.exe
2872	07864a36094fdb51d595bc3e42bce8429054de6c820f8c9dcfe1820c0fd1f8ff.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2872-0-0x0000000000C60000-0x0000000000FAA000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1-0x0000000000C60000-0x0000000000FAA000-memory.dmp

Filesize
3.3MB

Download