5aa5f829532b82d1d146841d843de9d3ab2278ba2c52402d51d18a5a2823872f

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5aa5f829532b82d1d146841d843de9d3ab2278ba2c52402d51d18a5a2823872f.exe
Size

411KB
MD5

d5251bd2a4d9ee464b1dbb25245a67a7
SHA1

a89c28d0c6f39475cf96c2129c4d10d73d0aa4b4
SHA256

5aa5f829532b82d1d146841d843de9d3ab2278ba2c52402d51d18a5a2823872f
SHA512

6a42887328eac8fc4036b08c01dd952ee7ee3640172e86cb4fd9654372ff8903ab8a616602e0f67f4192d63506bf92a6346b8ce3017eccbeab26c221e0451c4b
SSDEEP

12288:7FWiaocklk/TYrcwBXCqE3iclBZkmYaugcCkVkNao:BzCcrPyqE7BOmYo

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1732	5aa5f829532b82d1d146841d843de9d3ab2278ba2c52402d51d18a5a2823872f.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5aa5f829532b82d1d146841d843de9d3ab2278ba2c52402d51d18a5a2823872f.exe

C:\Users\Admin\AppData\Local\Temp\5aa5f829532b82d1d146841d843de9d3ab2278ba2c52402d51d18a5a2823872f.exe
"C:\Users\Admin\AppData\Local\Temp\5aa5f829532b82d1d146841d843de9d3ab2278ba2c52402d51d18a5a2823872f.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
587KB

MD5
a7303605203c978abbefb4033275ff0c

SHA1
6779d8ceb4551f3dba684645ee2e794c3ade90b5

SHA256
0b1bb1e0d8bf15e28cc4528bf52153429b6318fd61b3733b6b8c86947820bff4

SHA512
1f1bed9df20f88ac34b118aedb3b13ff67656a982a5909072ad2c3aa5e946c3bc1968ea564004630e4dc7f8e642b14a433265160bcb2ee845608322c98575105

Download Submit
memory/1732-0-0x000000007451E000-0x000000007451F000-memory.dmp

Filesize
4KB

Download
memory/1732-1-0x0000000000F80000-0x0000000000FEA000-memory.dmp

Filesize
424KB

Download
memory/1732-2-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download
memory/1732-7-0x0000000076110000-0x00000000761D1000-memory.dmp

Filesize
772KB

Download
memory/1732-8-0x0000000074510000-0x0000000074BFE000-memory.dmp

Filesize
6.9MB

Download