Analysis

max time kernel: 92s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-10-2024 07:11

Static task: static1

Behavioral task: behavioral1
Sample: 18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76.exe
Resource: win10v2004-20240802-en
General

Target: 18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76.exe
Size: 10.0MB
MD5: 042deda426d2c711aa38a0f73c2599b7
SHA1: c3afbb7a76eeca435fd38ef7bd7e5d49d89de48d
SHA256: 18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76
SHA512: 15196e1e0b3bd2130e7219153e63b6a1ad2c674785863a268e8716e0d0a03182b8f336c23450c40ba91b08dbc19ce34e30118971237f1f931da139f73fbdc2bd
SSDEEP: 196608:arS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:arRrDjtLKkOa8ps6puAktIz
Malware Config

(none extracted)

Signatures

- Downloads MZ/PE file

- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: 18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76.exe

- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid: 3000
  Process: 18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76.exe"
   PID: 3000
   - System Location Discovery: System Language Discovery
   - Suspicious use of SetWindowsHookEx
Network

(no network activity recorded)

MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 6KB
  MD5: ec094c922ee94fb6a575dfc9695e8d88
  SHA1: a5b38fac7a43071a63b15c4cfff5449cbe1a38fc
  SHA256: b970570cd61769e0cc60dba62bb5e6529b5b859e1424d8b14f12dc5de8af3563
  SHA512: 51dd9624d60b8c62ae19f46d5768cb0e719e84fc020832f890d54763273921dbec13cb86672904466a4a8f2f1d50ea17dd13bb9fad9c6b638f32b33518dee67f

- Filesize: 7KB
  MD5: e3177d1acdcc621d5f5a58e56229ca9d
  SHA1: 12acb6047eb2699101035d6aa981a3393d495707
  SHA256: d1065922d20d0910f2d2d44e9915db7595036ccd062df1e360c5cdc5081f640d
  SHA512: 4c07fa5b05a116760ec75ecf0ca3a1db70ad2d82e4efbee0623a4b21b4d11e7d9cc398f85521102c3bb3fee174c46cef56fbe938fb7263f12d3c643994e9dbf5

- Filesize: 38B
  MD5: 09e6a3a48f32e7d0181963c2c0e3c3a3
  SHA1: 55c400cc4a51292baa784753b13ee485728b17c7
  SHA256: 70915d9c8671c5e889f2f5715341012e1bea247d0014149287a4e8b89656308b
  SHA512: 2075a9b6a7755b36d6f8c05c98d38def219509d515d60ea7fad695293caed1172be5bc74d90095bccc8ce7dc73e801b94278805a1d4eb7279dea8dccb4ca52ea