344eeb88cd808140a7528ef191335bc3a70fd0f29aee682f6febe4b900b03706

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

344eeb88cd808140a7528ef191335bc3a70fd0f29aee682f6febe4b900b03706.exe
Size

483KB
MD5

39929a185df693259910621ae76c4506
SHA1

26814268f5ac86d2603d06c28dcb349fd712cd1d
SHA256

344eeb88cd808140a7528ef191335bc3a70fd0f29aee682f6febe4b900b03706
SHA512

fa9890e9872e36ea3742bf6e91e7635c88d019930bb28c7ba2f2b8301b855f956f48f029444f9a0bcedd2d9b2bb9818539b8ab85decfe6adaea4ef031591d1df
SSDEEP

6144:wTz+c6KHYBhDc1RGJPv//NkUn+N5Bkf/0TELRvIZPjbsAOZZBAXccr/aT4:wTlrYw1RU33NFn+N5WfIQIjbs/ZBNT4

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	344eeb88cd808140a7528ef191335bc3a70fd0f29aee682f6febe4b900b03706.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5100	344eeb88cd808140a7528ef191335bc3a70fd0f29aee682f6febe4b900b03706.exe

C:\Users\Admin\AppData\Local\Temp\344eeb88cd808140a7528ef191335bc3a70fd0f29aee682f6febe4b900b03706.exe
"C:\Users\Admin\AppData\Local\Temp\344eeb88cd808140a7528ef191335bc3a70fd0f29aee682f6febe4b900b03706.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\remcos\logs.dat

Filesize
144B

MD5
240112bc360b36517b07326bbae6ab0e

SHA1
cf6d2244168f2b7da5943b1c8758bffb55ee7bc9

SHA256
c54cda0544f9666a4543319324ec79d682315844e639d769ea3a5270d97a2fe7

SHA512
250e1c14bec3d5b646894b15098a5e1d794581d3e75735c84ecda8a1f94be5df2050b90ebc2864c83fe19797aaede73fc1559f208197a6c56b6ee41dba0259a9

Download Submit