023700559528ce2aa8b9c7dab298be8c62d02e15dae89c248c52f72ac4a7a123

Analysis

max time kernel
110s
max time network
95s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-10-2024 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

023700559528ce2aa8b9c7dab298be8c62d02e15dae89c248c52f72ac4a7a123N.exe
Size

139KB
MD5

f160332cebea9e5e2bb411c0ce1e1620
SHA1

38aadb35091e18aee7f56c2ee813aa767128855b
SHA256

023700559528ce2aa8b9c7dab298be8c62d02e15dae89c248c52f72ac4a7a123
SHA512

eb769a3c3e9f5624b02f490872392898776baa1dad6aaf1ed65bd587ad66d3230bbb4dcfb30f56252bf3f8de9738975d176a7318e39aa70a2e799dd8f1e8be0e
SSDEEP

3072:hs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/I/Fnncr5:hDeM7iNEkgiOb31k1ECGJq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	023700559528ce2aa8b9c7dab298be8c62d02e15dae89c248c52f72ac4a7a123N.exe

C:\Users\Admin\AppData\Local\Temp\023700559528ce2aa8b9c7dab298be8c62d02e15dae89c248c52f72ac4a7a123N.exe
"C:\Users\Admin\AppData\Local\Temp\023700559528ce2aa8b9c7dab298be8c62d02e15dae89c248c52f72ac4a7a123N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-wJE8vRhCadMMtu88.exe

Filesize
139KB

MD5
20c12e300908bed35f412a6774d3b242

SHA1
e49d3375ec6fd97cd6e7e513cd2cf2c215904a97

SHA256
d69acdae6387d512e400eb2f0d519275074523f7060691a41bd9e6685f1129aa

SHA512
c0c601bee717fbbbe9827a9cc2c65dfd97f9f7e1291adc233a3c4d9b5bb8b890cd8c5a7e11c38aebefa7b1fcc4b35106e53b41fd04a5cd4faa28d4aa3fdb554c

Download Submit
memory/2476-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2476-4-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2476-14-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2476-21-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download