e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442

Analysis

max time kernel
94s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
Size

1.6MB
MD5

3e5cd6018e40bfb258087139f7922df9
SHA1

ff35037678de79098d6bf4c87906901c46610794
SHA256

e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442
SHA512

eceba3d0e73ea5f7c45bd991b81451f4df7e60022b9015bc54b7f9f144eefd01fd54ed8416c00ac094307b0dddbe1a2478a1eca7cc5d0065961aa46fe19729d4
SSDEEP

24576:7hxsaMc8YafE7Mtp52N8D3OE6zqj5yC8wwuczso7SlKDTGfLLpldpAysZowdkO:tLM3Y6tmfJzKEmY3TGfLLpKyfwdk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 3924	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	83
PID 2416 wrote to memory of 3924	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	83
PID 2416 wrote to memory of 3924	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	83
PID 2416 wrote to memory of 728	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	87
PID 2416 wrote to memory of 728	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	87
PID 2416 wrote to memory of 728	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	87
PID 2416 wrote to memory of 1208	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	88
PID 2416 wrote to memory of 1208	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	88
PID 2416 wrote to memory of 1208	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	88
PID 2416 wrote to memory of 3188	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	89
PID 2416 wrote to memory of 3188	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	89
PID 2416 wrote to memory of 3188	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	89
PID 2416 wrote to memory of 432	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	90
PID 2416 wrote to memory of 432	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	90
PID 2416 wrote to memory of 432	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	90
PID 2416 wrote to memory of 976	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	91
PID 2416 wrote to memory of 976	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	91
PID 2416 wrote to memory of 976	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	91
PID 2416 wrote to memory of 868	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	92
PID 2416 wrote to memory of 868	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	92
PID 2416 wrote to memory of 868	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	92
PID 2416 wrote to memory of 4260	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	93
PID 2416 wrote to memory of 4260	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	93
PID 2416 wrote to memory of 4260	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	93
PID 2416 wrote to memory of 2304	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	94
PID 2416 wrote to memory of 2304	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	94
PID 2416 wrote to memory of 2304	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	94
PID 2416 wrote to memory of 2928	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	95
PID 2416 wrote to memory of 2928	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	95
PID 2416 wrote to memory of 2928	2416	e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe	95

C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
"C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
  "C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe"
  2⤵
  PID:3924
- C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
  "C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe"
  2⤵
  PID:728
- C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
  "C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe"
  2⤵
  PID:1208
- C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
  "C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe"
  2⤵
  PID:3188
- C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
  "C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe"
  2⤵
  PID:432
- C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
  "C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe"
  2⤵
  PID:976
- C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
  "C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe"
  2⤵
  PID:868
- C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
  "C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe"
  2⤵
  PID:4260
- C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
  "C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe"
  2⤵
  PID:2304
- C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe
  "C:\Users\Admin\AppData\Local\Temp\e8c70c3b0269eb6e4b334ef585b06483ad39a94a516aec5cd545a660a77e9442.exe"
  2⤵
  PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads