6d6d84b56bfdc8668422de570cdfb61089bf291ebcd0b28ffb077f34d1c382a0

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-11-2024 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PwDump7.exe
Size

76KB
MD5

d1337b9e8bac0ee285492b89f895cadb
SHA1

93a2d7c3a9b83371d96a575c15fe6fce6f9d50d3
SHA256

b20f667c2539954744ddcb7f1d673c2a6dc0c4a934df45a3cca15a203a661c88
SHA512

39ea0272654666df38f31fb053ad462d66aba295832a9962c448b1173864b71584f04a2dcc7820e1ac3cf0b9131a4eb5ebf5a553afbcff4b5ce4e9494a16d17d
SSDEEP

768:1oERCIrG/b9Z5iX9G5D7sZsvje1Dxz8sXoxVi6/8BEwyRcvOXZM0UkIrs22HZbTz:GsCRTiX2sZsa15XoxVi7Qq0zIrsXxod

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PwDump7.exe

C:\Users\Admin\AppData\Local\Temp\PwDump7.exe
"C:\Users\Admin\AppData\Local\Temp\PwDump7.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads