a17a56a6133deb30a7b5347798b8cac8438e90695cae989a41971fe1583682ba

Analysis

max time kernel
144s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-11-2024 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Perx Wall hack S.ALatino/Perx Updated.exe
Size

233KB
MD5

8c4adab323fa75d5aede1abf3e366226
SHA1

10ffb2983f15ab01d7594a63391de3f734d62982
SHA256

efbf5fbeb95dbc2bcb9c49ddb506d83d61c1faea4ebadb323fd3bf8348f02368
SHA512

6cb4cad588c24d627ddf214c3b8650043706cde3fcbdd4da1ac97f189613e35902bb1fe9d6f46bfaaef7526d378144c6c3273181db2e025652728ba76cc26463
SSDEEP

3072:+LpV3eLW1Ogn1KOX+9BsL2RhFGpgpV3eLW1Ogn1K:+LpV3uWk9F9FFGgpV3uWk9

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Perx Updated.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Perx Updated.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Perx Updated.exe

C:\Users\Admin\AppData\Local\Temp\Perx Wall hack S.ALatino\Perx Updated.exe
"C:\Users\Admin\AppData\Local\Temp\Perx Wall hack S.ALatino\Perx Updated.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\MPGH\Perx_Updated.exe_Url_zl0wnmddwncnyo4zzj5sull1cixclbng\1.0.0.0\aeltcaiw.newcfg

Filesize
932B

MD5
f361e3157514dd305bdde535a92c6266

SHA1
c1d9275d5096fbee870c815c4ef81438e91e5b84

SHA256
3577bcff2001cfdb3474358e2f1561d1a46d55aeb4345d542c1944f49f33ed45

SHA512
0c1a7835f591ee032b93e9a9ab19a15fe192359916dcc4e962272880681bd06f282b771b06d5fd2a9d9cdc419edb89b36f92fb5511d2b9611c1cdc55929e2743

Download Submit
C:\Users\Admin\AppData\Local\MPGH\Perx_Updated.exe_Url_zl0wnmddwncnyo4zzj5sull1cixclbng\1.0.0.0\user.config

Filesize
817B

MD5
5c80ceed2c14e1f00aba6340af3f93c2

SHA1
6b424cff57b1b9355879829eb3fa5ca4da7e891b

SHA256
204f4e9acc89e611235f2d44043ca4aa45744c01e5f20e46affc81912c1e459d

SHA512
70ff6a83dba831354a39fe9df7bbe9dae0c25825f114488e00b7d8599bfe84b6c4ce831f8980776bacc76f14213344b4206e4c0178ed20ba6f1fbf6ea72f0107

Download Submit
C:\Users\Admin\AppData\Local\MPGH\Perx_Updated.exe_Url_zl0wnmddwncnyo4zzj5sull1cixclbng\1.0.0.0\user.config

Filesize
932B

MD5
6fc8215ff6fde281d62ba928d2968f90

SHA1
136d986b642b4bc21a5f5e937eb0801a16af02d1

SHA256
a9c6091969754f5bf941f5f9e6813ede975f74be6e16282e0c4f2565e1d6c448

SHA512
59016a021e078f1a7df8c9880d25c1bf37b59f8d27d13f2adbc5bf68e4e8b326d038f51dc0f53250c640779950b2afe770b724bc7db94063b67274191ffc9e73

Download Submit
memory/352-0-0x0000000074A8E000-0x0000000074A8F000-memory.dmp

Filesize
4KB

Download
memory/352-1-0x00000000010D0000-0x0000000001112000-memory.dmp

Filesize
264KB

Download
memory/352-2-0x0000000074A80000-0x000000007516E000-memory.dmp

Filesize
6.9MB

Download
memory/352-22-0x0000000074A80000-0x000000007516E000-memory.dmp

Filesize
6.9MB

Download
memory/352-36-0x0000000074A8E000-0x0000000074A8F000-memory.dmp

Filesize
4KB

Download
memory/352-37-0x0000000074A80000-0x000000007516E000-memory.dmp

Filesize
6.9MB

Download