Analysis
max time kernel: 94s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 09/11/2024, 20:29
Static task: static1
Behavioral task: behavioral1
  Sample: 698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe
  Resource: win10v2004-20241007-en
General
Target: 698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe
Size: 7.9MB
MD5: a0e475dd1f1d8e16896f9870e6c2a67d
SHA1: dc34010b3e737acfa90ae72cdddb51f2ef41f337
SHA256: 698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0
SHA512: 87a81fc6662b8a5ddb590949bc9c8eb7021d90516dd6bf04900340534e0909d9bd925e6d2c63c3d2f1d0874b15d6973d2db96635b11e62543df55936a9aee246
SSDEEP: 98304:w4NxK/6sZTj2Ry2fPAWyjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafv:w4m2INTx9Pe20/zkOiu1f+79YR
Malware Config
Signatures
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: 698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid: 468
  Process: 698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe"
   PID: 468
   - System Location Discovery: System Language Discovery
   - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
  MD5: 1271a377225b3ca9af0bdffd7724a9d6
  SHA1: 11dedd0da6ec79edbfa808a761e54321796e1f17
  SHA256: 02d1e9aeb6837447ba6dead6259e5cf550f2b3b15f4e12821b900990708b8faa
  SHA512: c522f9c686db77b7bfdf10cda8afba85e2247414799ad0479285309a7228a2112a8d9b674e07d54a64d4f0e298872d5e6d2f11304750912425e66f38d0789576
- Filesize: 3KB
  MD5: f17f8c1c67e4e87fc4cf6aaa5c0d1a5f
  SHA1: b3bef0f801140386f9a6d87b8724e721227efe0a
  SHA256: e4da63b0b3140be90d32e497797abf0a3cc5cb3840067092edf10b3c01c6d502
  SHA512: 485a2fec0ff427a456202b9f2b3b7e00367f9768aa79ca8f37dde40f4528144b545295ba84ae7c16cedaeca26e7b9e627600eb693e17eb8498615fafe52f321c
- Filesize: 6KB
  MD5: 30fae0a997840ab988bde35d77b63b84
  SHA1: e0883759f4aaaf3ed04e9c80a6d296d2d75104cc
  SHA256: 66dc0904fb427baa9fd7270ea969fba3bc02018c6085bb8f4dc53eb5dd91feca
  SHA512: de8adaf6380d1f8af207b7dfba2c8821a961114c18a473972ac3f2b6c4988546133c5c33d93c98792ab68177d41712907730fd1fe436abc3a37111b100b09337
- Filesize: 38B
  MD5: 774bd540cbc29512a91919d365af3a24
  SHA1: 7fc0e452c95c61113fc4190f4b8189d23fd62130
  SHA256: cd65aeaedce7e82f7dc8b4b1e7b62e64a12e030b527ebaffec153a5504233ec8
  SHA512: b104b6a8b8ef6049931c98d85d6aa0438eb9277648cec40b855509a744ec82c5ccb720e960abd4d555a1580ea3592a7534b12afe1e080289e1272fb359108bb8