6156c6d53a6581ee75171bf208b69250b4225ec97891b2bb131fd620cbb08e75

Analysis

max time kernel
13s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/ha_accessdiver4120_txf.exe
Size

133KB
MD5

6254ac8e83dac126a28783d261437097
SHA1

de582a113fd810e891fcf9c935f70885bedf87c7
SHA256

65b77f39150df4b59efc56aecdeed0ec0a4fe5d9a77d608e69205b77459109ff
SHA512

8f188fbfe97981a34606f779796c3e859f41bbf715de310d4cce13a532e1bb12e8885fd6e30a32d77c224977b8c433fa999820174757cb14ee2d20b2efb38d51
SSDEEP

3072:rPsyTOBJAApkUtyotAs3ExiqX9Panre/7035f7vaictDM:72HwoOs0dtParr38/y

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2528	ha_accessdiver4120_txf.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ha_accessdiver4120_txf.exe

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ha_accessdiver4120_txf.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ha_accessdiver4120_txf.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\ginstall.dll

Filesize
54KB

MD5
38a9142ba7b74db9a68b3691c970bd89

SHA1
701fc2c3bf6f63b7ca7547f3a2dc1f8f154be16f

SHA256
ed866c7802edc00235bd25aa2ae2ec6658eb8cb74301b930a96ab9ab42ed93a2

SHA512
3e0113d00173fbdec430435a34be8053d7e0c08cf2207414f76350b6dda4793b8fb543f76e9b69512d63fa6b1c49dd393ed9ab7b053634109e55386b08497636

Download Submit