6c6ccbcae271b48022c12d3aa28447f420a486a1841e25b81ea9ac14ac33ef22

Analysis

max time kernel
129s
max time network
138s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
10/10/2024, 05:07

Target

CB.exe
Size

1.1MB
MD5

74736444cc08c8ac50a87f9dcfd0438f
SHA1

11acf6742d38bfa33785f5dfe1097956cffb4c22
SHA256

3784f86f098d8ae791d1d253557fb1f8230cd6984452268f3415a2ced95d066f
SHA512

49df42a251790282d4b6854a8d4364cb06bc204910bdce09ad4af8e3f17f6689c23c21270a2840db57f3de4d6389efbe86584ea3a44b916114bb37c490b2510a
SSDEEP

24576:360mSkloQvR7NWCzEocU+27WGYJ2ZQ6MzB+KpZ1:3626oQv5NWCz3lRymZ3MtpZ

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CB.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/4928-0-0x00000000011B0000-0x00000000014C8000-memory.dmp

Filesize
3.1MB

Download
memory/4928-1-0x00000000011B0000-0x00000000014C8000-memory.dmp

Filesize
3.1MB

Download