88188e7554bcca13ba1520e81022e16e83891881a2699eeabda6ac0e1a180a53

Analysis

max time kernel
110s
max time network
97s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 10:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

88188e7554bcca13ba1520e81022e16e83891881a2699eeabda6ac0e1a180a53N.exe
Size

139KB
MD5

f051a9be847617cb4ec83b23c3a8a830
SHA1

bb776fed4352de3d6f2c83d672ca988212ae182e
SHA256

88188e7554bcca13ba1520e81022e16e83891881a2699eeabda6ac0e1a180a53
SHA512

7638ff237124a5b8d975dd824bca58adb85be90e35f840581c962a873c1139f0c322f367be80654e6e4f837938de5699bb2ffd76174158603cf311013d1d6ac1
SSDEEP

3072:hs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/j/Fnncr5:hDeM7iNEkgiOb31k1ECzJq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	88188e7554bcca13ba1520e81022e16e83891881a2699eeabda6ac0e1a180a53N.exe

C:\Users\Admin\AppData\Local\Temp\88188e7554bcca13ba1520e81022e16e83891881a2699eeabda6ac0e1a180a53N.exe
"C:\Users\Admin\AppData\Local\Temp\88188e7554bcca13ba1520e81022e16e83891881a2699eeabda6ac0e1a180a53N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-8K4v0VGsVdjAfP9d.exe

Filesize
139KB

MD5
898636b25cbdca51050f1382b2cfa527

SHA1
09c32a4c2e4aef56879d039b03ae5a788a725144

SHA256
bb70b174910a6ee399eda22781a5ab5911691c78be4f43231b3a45eb9e82c313

SHA512
ac1fd9bca15f4cddbb95f2644380d02fddc5f6359257a30a184943a461babd867e28e9fa2d452c96307d965cf93d3f157dcb5593468c95fa1338fb7dcfd4c626

Download Submit
memory/2060-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2060-6-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2060-14-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2060-21-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download