Analysis
max time kernel
111s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted
07/11/2024, 10:07
Behavioral task
behavioral1
Sample
602ac371ba834fe565970d0fe6495095a7ec43bc2d257e417d9b1ab6c89248d1N.exe
Resource
win7-20241023-en
General
Target
602ac371ba834fe565970d0fe6495095a7ec43bc2d257e417d9b1ab6c89248d1N.exe
Size
83KB
MD5
87e8f2b9ad9e4ba49fb6ee32c5c99860
SHA1
b833a52f7f574f888d64d55d3faa752af2f2a672
SHA256
602ac371ba834fe565970d0fe6495095a7ec43bc2d257e417d9b1ab6c89248d1
SHA512
a64cd08f2265f29fca94e956498db3890b65faa263bf47c5c074e076fa07a3e608e06a5dc02403329f901847892996eca9a0ebe97f405f9446b55940bd4db8d0
SSDEEP
1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+BK:LJ0TAz6Mte4A+aaZx8EnCGVuB
Malware Config
Signatures
resource    yara_rule
behavioral2/memory/4588-0-0x0000000000400000-0x000000000042A000-memory.dmp    upx
behavioral2/memory/4588-1-0x0000000000400000-0x000000000042A000-memory.dmp    upx
behavioral2/memory/4588-4-0x0000000000400000-0x000000000042A000-memory.dmp    upx
behavioral2/memory/4588-8-0x0000000000400000-0x000000000042A000-memory.dmp    upx
behavioral2/files/0x000b000000023b84-12.dat    upx
behavioral2/memory/4588-15-0x0000000000400000-0x000000000042A000-memory.dmp    upx
behavioral2/memory/4588-22-0x0000000000400000-0x000000000042A000-memory.dmp    upx
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description    ioc    Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    602ac371ba834fe565970d0fe6495095a7ec43bc2d257e417d9b1ab6c89248d1N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
83KB
MD5
0371e7092b5c8b9bdcf39dabb5d484c4
SHA1
5037b284edf15dbc2bb4c4aef8ee2b901c90bfd4
SHA256
43878b2afbd83eacd9faae9d2cf73958c44a96a7e138cc083062e779416953a4
SHA512
13ff76ecaa7ba1e4606f09d01f3d2f88b6e560368e64ca0fe0e0560476dfc135fee509c85da5c5573a406ec57d421a742e5c9e94f4e37c86e616244c380344c3