184e0897921881b774e863463457fbca837ecb5cfe012f052a2bd143f1e1a195

Analysis

max time kernel
91s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

184e0897921881b774e863463457fbca837ecb5cfe012f052a2bd143f1e1a195N.exe
Size

2.0MB
MD5

7d6d42c1979725f67c64b553d0d7e1f0
SHA1

03b1ba65f422b2df702250184e39731dad1697d5
SHA256

184e0897921881b774e863463457fbca837ecb5cfe012f052a2bd143f1e1a195
SHA512

54e640bc261e8a6cd8fadd1098e42cd6892efddc45b16c35e25717db1d1dd48d05c2af7be37758a07f74f53677b5706862e6b9e8b2d804cd578e7cd8d005c9aa
SSDEEP

49152:80ZWI+llRK7lC1oClOQZFcYG61tVeNIcTr6wtRPG5pDmg27RnWGj:FUVaYNnnVRERP4D527BWG

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	184e0897921881b774e863463457fbca837ecb5cfe012f052a2bd143f1e1a195N.exe

C:\Users\Admin\AppData\Local\Temp\184e0897921881b774e863463457fbca837ecb5cfe012f052a2bd143f1e1a195N.exe
"C:\Users\Admin\AppData\Local\Temp\184e0897921881b774e863463457fbca837ecb5cfe012f052a2bd143f1e1a195N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4160-0-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4160-1-0x0000000000910000-0x0000000000977000-memory.dmp

Filesize
412KB

Download
memory/4160-8-0x0000000000910000-0x0000000000977000-memory.dmp

Filesize
412KB

Download
memory/4160-11-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download