844691299632437254f028b26dd0d958b8dcf153a0bf224a4867300fbce6dcd9

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rstart.exe
Size

33KB
MD5

a82278be7c26e0e03df35c6de820ced3
SHA1

4f50ffa33083743a319a8c1c8c964601655d1962
SHA256

d763488894abd10b86a3c6cb8889ab7d559449e0f3ca733047d4d920aa42b939
SHA512

c5b140bca11138260578ced93bf71be174cf1b057a64cd9240ad3d5280a329beee137ae5febcc35cae54e9527dbd0c5a391632c4d12f6f4d8963a8aa842867cd
SSDEEP

768:sTNklqLcFs0u8mo7whRQbF1of+N09NWWMN:CN2A5hKbF9NcNWWg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rstart.exe

C:\Users\Admin\AppData\Local\Temp\rstart.exe
"C:\Users\Admin\AppData\Local\Temp\rstart.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1544-0-0x0000000074DE1000-0x0000000074DE2000-memory.dmp

Filesize
4KB

Download
memory/1544-1-0x0000000074DE0000-0x000000007538B000-memory.dmp

Filesize
5.7MB

Download