Overview
overview
10Static
static
100d6c3de5ae...bfc2ef
windows7-x64
10d6c3de5ae...bfc2ef
windows10-1703-x64
10d6c3de5ae...bfc2ef
windows10-2004-x64
10d6c3de5ae...bfc2ef
windows11-21h2-x64
117205c4318...90.exe
windows7-x64
917205c4318...90.exe
windows10-1703-x64
917205c4318...90.exe
windows10-2004-x64
917205c4318...90.exe
windows11-21h2-x64
91cad451ced...7b.exe
windows7-x64
31cad451ced...7b.exe
windows10-1703-x64
31cad451ced...7b.exe
windows10-2004-x64
31cad451ced...7b.exe
windows11-21h2-x64
344369783a8...a86.js
windows7-x64
344369783a8...a86.js
windows10-1703-x64
344369783a8...a86.js
windows10-2004-x64
344369783a8...a86.js
windows11-21h2-x64
37c7acd87b4...78f.js
windows7-x64
37c7acd87b4...78f.js
windows10-1703-x64
37c7acd87b4...78f.js
windows10-2004-x64
37c7acd87b4...78f.js
windows11-21h2-x64
396339a7e87...b8e5be
windows7-x64
196339a7e87...b8e5be
windows10-1703-x64
196339a7e87...b8e5be
windows10-2004-x64
196339a7e87...b8e5be
windows11-21h2-x64
197daa26c59...992.js
windows7-x64
397daa26c59...992.js
windows10-1703-x64
397daa26c59...992.js
windows10-2004-x64
397daa26c59...992.js
windows11-21h2-x64
3ae7c868713...6e.exe
windows7-x64
10ae7c868713...6e.exe
windows10-1703-x64
10ae7c868713...6e.exe
windows10-2004-x64
10ae7c868713...6e.exe
windows11-21h2-x64
10Analysis
-
max time kernel
144s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
01-10-2024 14:21
Behavioral task
behavioral1
Sample
0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral3
Sample
0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral7
Sample
17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
1cad451cedeb9967c790c1671cd2e3482de87e3e802953f28e426642894ceb7b.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
1cad451cedeb9967c790c1671cd2e3482de87e3e802953f28e426642894ceb7b.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral11
Sample
1cad451cedeb9967c790c1671cd2e3482de87e3e802953f28e426642894ceb7b.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
1cad451cedeb9967c790c1671cd2e3482de87e3e802953f28e426642894ceb7b.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
44369783a819a38909e89449495fb98c3f9ba07dd0d2fa55a24a560a89f21a86.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
44369783a819a38909e89449495fb98c3f9ba07dd0d2fa55a24a560a89f21a86.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral15
Sample
44369783a819a38909e89449495fb98c3f9ba07dd0d2fa55a24a560a89f21a86.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
44369783a819a38909e89449495fb98c3f9ba07dd0d2fa55a24a560a89f21a86.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
7c7acd87b47d405da4d6efa2c43599148e12c094970ba198905f0a165d79a78f.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
7c7acd87b47d405da4d6efa2c43599148e12c094970ba198905f0a165d79a78f.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral19
Sample
7c7acd87b47d405da4d6efa2c43599148e12c094970ba198905f0a165d79a78f.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
7c7acd87b47d405da4d6efa2c43599148e12c094970ba198905f0a165d79a78f.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral23
Sample
96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
97daa26c59e0e151f66872147ccd30dd1815bc6e63ec40c288130c6e8a6ea992.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral26
Sample
97daa26c59e0e151f66872147ccd30dd1815bc6e63ec40c288130c6e8a6ea992.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral27
Sample
97daa26c59e0e151f66872147ccd30dd1815bc6e63ec40c288130c6e8a6ea992.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
97daa26c59e0e151f66872147ccd30dd1815bc6e63ec40c288130c6e8a6ea992.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral31
Sample
ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
Resource
win11-20240802-en
windows11-21h2-x64
General
-
Target
17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
-
Size
636KB
-
MD5
267d5c3137d313ce1a86c2f255a835e6
-
SHA1
c7a37c0edeffd23777cca44f9b49076be1bd43e6
-
SHA256
17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90
-
SHA512
9c119a9f973dae77f2cdd6a855ae45c20660aadc5c592f6d06f6360dd0bb5a380d0ed1fcc23c0cb721da70bcca7d32db46181be675bf0587276d35d6da26a31e
-
SSDEEP
12288:aEky5bwpy02iRaeXCP2CIcdoKAXMr+Mr+kJZ4:j02iRaeHPcdo18rTrf6
Malware Config
Signatures
-
Renames multiple (5399) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
Processes:
17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exedescription ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Control Panel\Desktop\Wallpaper 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe -
Drops file in Program Files directory 64 IoCs
Processes:
17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exedescription ioc Process File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dllencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\Mozilla Firefox\freebl3.dllencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\NL7MODELS0009.dllencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.muiencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105320.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Executive.xmlencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL058.XMLencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exeencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH02282_.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\ACCOLK.DLLencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\DEEPBLUE.ELMencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02055_.GIFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\ACWIZRC.DLLencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.swfencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.muiencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099155.JPGencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Apex.xmlencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Clarity.xmlencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02187_.GIFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Angles.thmxencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exeencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Filters\odffilt.dllencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\CUPINST.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01848_.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00735_.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\StartShow.sysencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\Mozilla Firefox\locale.iniencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152696.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TN00231_.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CA.XMLencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\STUDIO.ELMencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107300.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txtencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\MSPUB.HXSencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSTH7ES.DLLencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dllencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0212685.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0239955.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exeencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\RIPPLE.ELMencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dllencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dllencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\Microsoft Games\Chess\Chess.dllencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0292286.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MIDencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00468_.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SL00286_.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MIMEDIR.DLLencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO01785_.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Couture.xmlencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0090070.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\ENV98SP.POCencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TextConv\MSCONV97.DLLencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_sk.dllencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00441_.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dllencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\RequestGet.dibencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files\Java\jre7\bin\glass.dllencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0241773.WMFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01245_.GIFencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGMAIN.XMLencrypted 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe"C:\Users\Admin\AppData\Local\Temp\17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe"1⤵
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2108