183c9170d34b3c5e322d5a34d26aaab2bd4acd5338230c4454dc45b6a605bfb8

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

183c9170d34b3c5e322d5a34d26aaab2bd4acd5338230c4454dc45b6a605bfb8.exe
Size

482KB
MD5

374f71f7c95411dfd5f783f61b20cff0
SHA1

0e4ca58a9f9307674f1bf6d6dd12fd81b9d0c33b
SHA256

183c9170d34b3c5e322d5a34d26aaab2bd4acd5338230c4454dc45b6a605bfb8
SHA512

552f4ff976a7e1860dc7d7f263acb19176ea6332b9a4e2e09154c64cc3dd78c334a42637de26c2b729b16ba0ef41e243e195c87decee6390b85b5c1c5bb444fe
SSDEEP

6144:KTz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZXAXkcrST4:KTlrYw1RUh3NFn+N5WfIQIjbs/ZX5T4

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	183c9170d34b3c5e322d5a34d26aaab2bd4acd5338230c4454dc45b6a605bfb8.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
732	183c9170d34b3c5e322d5a34d26aaab2bd4acd5338230c4454dc45b6a605bfb8.exe

C:\Users\Admin\AppData\Local\Temp\183c9170d34b3c5e322d5a34d26aaab2bd4acd5338230c4454dc45b6a605bfb8.exe
"C:\Users\Admin\AppData\Local\Temp\183c9170d34b3c5e322d5a34d26aaab2bd4acd5338230c4454dc45b6a605bfb8.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\rcbook\logs.dat

Filesize
144B

MD5
d7546d56ae1d5d87d3d49ba29fdfce77

SHA1
287e2ed715b90990e0dc14eda11be1a4879b61b6

SHA256
18bfe8a43a255fe9f0588449dca2473c2c59bad7104aa1eec8aa30c8e1afc88a

SHA512
aae6f584c567d1e485222e01caa717188b4a37b27f00d6c8fcbfccc86938034cc57fcbca136dfd0a554457c3938c1d0e204781fe445eba73206acade0b83f2f6

Download Submit