dbc1d5627425417feacd9299c1f79b737f4edfbf2f86534757f0ebe85ba9455b

Analysis

max time kernel
111s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-10-2024 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbc1d5627425417feacd9299c1f79b737f4edfbf2f86534757f0ebe85ba9455bN.exe
Size

143KB
MD5

678345a03049491c4aa28d7997de8250
SHA1

c48b83cdd066aace05f181bfea64c95ac086e5df
SHA256

dbc1d5627425417feacd9299c1f79b737f4edfbf2f86534757f0ebe85ba9455b
SHA512

b38e7b49ee89cadc2d718f90bd6a6497aeb7e242636cb856ff6f3afd6a666e49d69019d175c923993fd79730bce9fae8e6edafb03277c3911a1cb80f03168b0d
SSDEEP

3072:es3D8A4M3riN6MhGkgS3PL6pb9t16n5NkhBOPC/h/Fnncrd5971cw:egeM7iNEkgiOb31kiECdJy5Jl

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dbc1d5627425417feacd9299c1f79b737f4edfbf2f86534757f0ebe85ba9455bN.exe

C:\Users\Admin\AppData\Local\Temp\dbc1d5627425417feacd9299c1f79b737f4edfbf2f86534757f0ebe85ba9455bN.exe
"C:\Users\Admin\AppData\Local\Temp\dbc1d5627425417feacd9299c1f79b737f4edfbf2f86534757f0ebe85ba9455bN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-DLWJ6nsMRIi0CfiG.exe

Filesize
143KB

MD5
96b20ab018e8d983f8be423501585da0

SHA1
32b3d3213ec75c30979c8f1d00d6652d22708c93

SHA256
9cc40486c86c2a6345365e54cf9fefb93947f60e2bc7296487bd28c708ddda88

SHA512
548691a57ce3c6d6da91fc01bc2d47a208e501bdd80fe9137a5e6dad4fb23a3db441c4fbec2fb50e9bb79de4adacfa64c5d609652b7d29bbd73c7ceb976a3f23

Download Submit
memory/4820-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4820-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4820-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4820-8-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4820-15-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4820-22-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download