ee6f4b449b75cbdf5bd1643059780bceea6c176446d0ea9d9eb7f45357c763c2

Analysis

max time kernel
112s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee6f4b449b75cbdf5bd1643059780bceea6c176446d0ea9d9eb7f45357c763c2N.exe
Size

468KB
MD5

3a2512f986fe7b344144c6c389276d70
SHA1

dd51d1d9f35c95a8bb25ab25a16779e5b12ffc73
SHA256

ee6f4b449b75cbdf5bd1643059780bceea6c176446d0ea9d9eb7f45357c763c2
SHA512

a495f0c3078620b98575652d41c4d3738793261721f6469fdd171742f6db39de1c901053423d64b733f3504b0d1408c47ad6f269fdf98ef9615a6cfe0dfa00dc
SSDEEP

3072:gRcuog51wz8M1bYbPzrjSf8FECFdSZpPndH2JVTSHVY3RNmNLglz:gR1o1AM1QPPjSfTvY6HVGPmNL

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ee6f4b449b75cbdf5bd1643059780bceea6c176446d0ea9d9eb7f45357c763c2N.exe

C:\Users\Admin\AppData\Local\Temp\ee6f4b449b75cbdf5bd1643059780bceea6c176446d0ea9d9eb7f45357c763c2N.exe
"C:\Users\Admin\AppData\Local\Temp\ee6f4b449b75cbdf5bd1643059780bceea6c176446d0ea9d9eb7f45357c763c2N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4220-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4220-1-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download