c30250df9fb586127327d3e74d0c92266fb314b78bc1dfd20042f7ea32eed64f

Analysis

max time kernel
119s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c30250df9fb586127327d3e74d0c92266fb314b78bc1dfd20042f7ea32eed64fN.exe
Size

120KB
MD5

18ed683497dfb0b15213ca380e660030
SHA1

47564a64eb404f8d1f988e4ae9a1e0b39e0950c5
SHA256

c30250df9fb586127327d3e74d0c92266fb314b78bc1dfd20042f7ea32eed64f
SHA512

997f6fa7abaf4e552571714f83b4b002dfaf16448bf8fd532bb63c2d9510ba26290bac007446d64bf0cc628e60b31446955921a9a3d149343aea554994e18feb
SSDEEP

1536:uMDW2ab+dOE+kVwzXGMum70F6by7SGMeJVfdckqVy7gXng9EBsBtygo:uMK2aaQqKaR7SGMeLC/VBB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c30250df9fb586127327d3e74d0c92266fb314b78bc1dfd20042f7ea32eed64fN.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3312	c30250df9fb586127327d3e74d0c92266fb314b78bc1dfd20042f7ea32eed64fN.exe

C:\Users\Admin\AppData\Local\Temp\c30250df9fb586127327d3e74d0c92266fb314b78bc1dfd20042f7ea32eed64fN.exe
"C:\Users\Admin\AppData\Local\Temp\c30250df9fb586127327d3e74d0c92266fb314b78bc1dfd20042f7ea32eed64fN.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BHOTC3C\mdi[1].htm

Filesize
795B

MD5
5d8d79c3cb9af023240b1be6f5057aaa

SHA1
df22980677b134e83d878893f7c7984e0d78a240

SHA256
e8b101a7c7f64aad528cc734513cbeb02243c0af37930dc0f3239749cff184b6

SHA512
66f432b622cee0bcc06cbc0f833de1471ea36c295b4cd93eb848d97e69c2252acd2fc8972db51ea35475a424f4d6cb5001325525fb04f71b8704eb24de1c4008

Download Submit
memory/3312-0-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3312-1-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3312-3-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3312-11-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3312-14-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3312-21-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3312-24-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3312-33-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3312-42-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3312-49-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3312-52-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download