Analysis
max time kernel: 110s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2024, 12:07
Behavioral task: behavioral1
Sample: 6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe
Resource: win7-20241010-en
General
Target: 6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe
Size: 83KB
MD5: 0edf3ffe42290ad505d414c7ba93d030
SHA1: 7a1e029cdc1c44fc088144dcafa753f6a1620661
SHA256: 6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1
SHA512: 2efa8e4bbb1ce54f54b59080dde3e0b8ce779595cbcb71a09628f326b248b81008bab98fd8b71345ad5be5c9ea12dce23386a9d2e74a9038ca79dfe98f7288b0
SSDEEP: 1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+PK:LJ0TAz6Mte4A+aaZx8EnCGVuP
Malware Config
Signatures
resource yara_rule
behavioral2/memory/2560-0-0x0000000000400000-0x000000000042A000-memory.dmp upx
behavioral2/memory/2560-1-0x0000000000400000-0x000000000042A000-memory.dmp upx
behavioral2/memory/2560-4-0x0000000000400000-0x000000000042A000-memory.dmp upx
behavioral2/memory/2560-8-0x0000000000400000-0x000000000042A000-memory.dmp upx
behavioral2/memory/2560-11-0x0000000000400000-0x000000000042A000-memory.dmp upx
behavioral2/files/0x0009000000023bcc-12.dat upx
behavioral2/memory/2560-15-0x0000000000400000-0x000000000042A000-memory.dmp upx
behavioral2/memory/2560-22-0x0000000000400000-0x000000000042A000-memory.dmp upx
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 83KB
MD5: 9c72c6ce7274698d573d83a8f5ed50cf
SHA1: 58dc62e8ff63870063fdae3da3fd5d33ce43f3c9
SHA256: 2431aab70ee425477a7867c63631b9fec8395be2bb8bac1ce1a4f1a8ac3846ca
SHA512: 7acdd8dc49180d8b74bcf96ba0dbe9946c989d1895d6f2c0318137c1616d1204b9a7582f77ba10368355f8e776f0163f6d125a1ef9c253443eeb40d2f1bcbb35