d42bb7f95b50972680b8a5f2f68ab5bee5450fc45cf15612d45cc00b1b65f0c2

Analysis

max time kernel
144s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-11-2024 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nixware crack.exe
Size

19.6MB
MD5

bddd6ad4c8b66a3f551fdc47d6e12c53
SHA1

e8b4a0e7918eb4641ce971df0020bf318b5f6788
SHA256

105897c4dd3369b8c8ae8956ef2e8d945c33e7172022d81e0791546d9c17b21f
SHA512

79f791d0b510a1627669072060a2c99f25402a40ce5eef404a0e8c31aa06f9656f2104c83003618272a9eddab800987e6d0dfadaba34010f066181bdcb9a264a
SSDEEP

393216:Vyyv/JNbIZNv1bLTMZN5GTRWTjzMPpDcFBxxkhwgA1LivT2ts+oKs6yCZZh:VLTcB1QZiTATjwZNuLivT2ts+oRCjh

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nixware crack.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2388	nixware crack.exe

C:\Users\Admin\AppData\Local\Temp\nixware crack.exe
"C:\Users\Admin\AppData\Local\Temp\nixware crack.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads