Analysis
- max time kernel: 93s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/11/2024, 21:33
Static task
static1
Behavioral task
behavioral1
Sample
d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe
Resource
win10v2004-20241007-en
General
-
Target
d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe
-
Size
5.0MB
-
MD5
6ddb6e2e93b5b8d9fad7b7a8cac567cc
-
SHA1
f20c235b67bb880c862ef31aee6312df016022c7
-
SHA256
d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5
-
SHA512
081aa094804cfbcdd2d0889a76ad61e88c6cb2ea8bf9985d5c3b62fc6a243510c6f805cf423497795df8c8c82d563fe53d9a79f453bef111791a00753b7de216
-
SSDEEP
98304:zgu9llk/yHwNf3n48LYtQMKFfikjKdzOJDb4v+6Y:rllz0Yt506LwN0v+6Y
Malware Config
Signatures
-
Downloads MZ/PE file
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Description: Key opened; IoC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe
Suspicious use of SetWindowsHookEx 1 IoCs
PID: 3004; Process: d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe
Processes
-
Path: C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe"
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3004
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
2KB
MD5: c2ba89b9e06bb15cbf0c229239128770
SHA1: a9b0a4cd53446a5a2962dc7b10e42ee5246d921f
SHA256: abd1e662fed4ff94531b459a30c8793c78211bb3f2307eb20d1bbc4627c1db99
SHA512: 3a1a0f9b0daa4f07573978dc3bd1e73d0abce3ff3e16fd865ae8e3b44f36c0c88632f84866cb4d7aad807e5c863c4d7df3d0cb2e834829510b93b31cf54f8113
-
Filesize
7KB
MD5: 3245baa669ae426f418780582e180534
SHA1: 09bc344b8368d4ddf1c1cdab41025da28ec57e9a
SHA256: 5f3ece22c48d18d7f1d42c3c339e4bcd6ec27c522bae9627597bf04208e92a3d
SHA512: b6f22b884abc3ae51be82a90ce7da5b638877e4139f41941961ce8ae3e7976cfcf6e3681a9b818c18184ac318b39b1f5d9db2d4a3c3f7542165b1ca0ddf4d318
-
Filesize
38B
MD5: a82c05d8219310fc1ebfce349ee66a61
SHA1: 92b7df0e7044eb74163c1484e4cd7fb1dfe00257
SHA256: 544a1da597dfc8e4d32553a2f0d36a6bc43fd644c830baaccdb1cd9b2ce04e4c
SHA512: 81e508d7429291f50ff6b9be4f4bb4a3ce1ee888baf49b1c6e939bd0859ca5dd2b0347ed0a1022c1efbf74288a114e0ada999780edb333c0e3f34649081fd56a