Analysis
- max time kernel: 77s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/11/2024, 21:33
Static task: static1
Behavioral task: behavioral1
- Sample: 3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: 3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
- Resource: win10v2004-20241007-en
General
- Target: 3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
- Size: 3.3MB
- MD5: e30491cfc158b8e5e38c8f263ebea0fd
- SHA1: 9bd81de3c149d5f29e7d1fdb8b0297315f41969b
- SHA256: 3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3
- SHA512: 6cd13c502f8d0e24c581b9a95d3ae0448652a3d7392492f4e4c9c4859f257d807ad3c9f39ed30eaaf1afe0b11cd45a91d503dcc74743f14af933507b54b91bc5
- SSDEEP: 49152:wOCLC6TYEPgFv2y6GuquTVRghpbw9JHF9T4p8QBZNdV4Mx+6OK61a+r5u8Qe:bCLCmYEoYy6Guxohp85+pTNy6767K
Malware Config
Signatures
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: 3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid: 3652
  Process: 3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
Processes
- Process: C:\Users\Admin\AppData\Local\Temp\3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe"
  PID: 3652
  Signatures:
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
  MD5: a6365ebaf98dff25ded48d3aec9587f9
  SHA1: 1a439014a4a2fa10fa15594628acbcde799b0c93
  SHA256: c98924bd9849ddc57ff00c86b03509506ba12bf4c9c2719a7158870700cb2357
  SHA512: b4b3ba5233bf64b7b9660d9d63b1191c738609804d6fbb443d290514f3a21e075445850671dd2744ade97e23d511fced813997d4b13d75ed322db3d995e092d3
- Filesize: 4KB
  MD5: 4c0941c37a1125cec4deebdbc01c70d1
  SHA1: 0b86e26b3650a35f447bc6e02aec891443ae4fc7
  SHA256: 9bf74c847e9f30ccc0615abecbd9c6b4044429f213bec52d21f808a443f2b8f5
  SHA512: 827e11f09ab5e0c3ba207c7b741107bc59e4efad2dea5e6ba13be0df6206d1ec88684eef4f3c04598964cdea6447ff52d2bd2450686f992f63df4940bae64c77
- Filesize: 38B
  MD5: b6344d20b59c6df02546ee5dc4a09d41
  SHA1: d3f282809527c577521c694932c3000a988b4071
  SHA256: 633a55ef21ebd6562cf95ebc7555f2a8a1a35884ad95681e72f80efae7863a42
  SHA512: c61708f9878f2d795bb58219513004f4a4917c5a1fc65746d66732b9d40bc65d7e1c6918be1f80b181d1e0202aa37b98297671fc850674c6b723e0ed3b7c1db7