Analysis
max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted
12/11/2024, 21:40
Static task
static1
Behavioral task
behavioral1
Sample
332c14cd675ae25fa50d126067d2528a296c795b7000a10237b656b288c011b9.exe
Resource
win7-20240903-en
General
Target
332c14cd675ae25fa50d126067d2528a296c795b7000a10237b656b288c011b9.exe
Size
336KB
MD5
5be465a6e7a9c5f33f59d593a556cc08
SHA1
ab0526e0068cee85e6d6a5c1e593ae65d4537997
SHA256
332c14cd675ae25fa50d126067d2528a296c795b7000a10237b656b288c011b9
SHA512
d8dea075303c1a67c4db224341cf3361b70ab1f7e33cb38205a27a13de82bf575ce6f09067ee80ee2348e9587dedae297629ada18143a94fb84038ce0d12b29c
SSDEEP
6144:Sr7hkh2eL5b+ZTTTBx+Dqn9iin9dgn9BvirtTokDqHEPIzE/:SnGL8TTTBx+Dqn9iin9dgn9Bvifqkp
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description
Key opened
ioc
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process
332c14cd675ae25fa50d126067d2528a296c795b7000a10237b656b288c011b9.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid
2160
Process
332c14cd675ae25fa50d126067d2528a296c795b7000a10237b656b288c011b9.exe
Processes
C:\Users\Admin\AppData\Local\Temp\332c14cd675ae25fa50d126067d2528a296c795b7000a10237b656b288c011b9.exe
"C:\Users\Admin\AppData\Local\Temp\332c14cd675ae25fa50d126067d2528a296c795b7000a10237b656b288c011b9.exe"
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2160