Overview
overview
8Static
static
3PBCCRCPass...ge.exe
windows7-x64
8PBCCRCPass...ge.exe
windows10-2004-x64
8PBCCRCPassGuardX.exe
windows7-x64
3PBCCRCPassGuardX.exe
windows10-2004-x64
3PBCCRCPass...ut.exe
windows7-x64
5PBCCRCPass...ut.exe
windows10-2004-x64
5PBCCRCPass...ce.exe
windows7-x64
5PBCCRCPass...ce.exe
windows10-2004-x64
5Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
12-11-2024 19:49
Static task
static1
Behavioral task
behavioral1
Sample
PBCCRCPassGuardEdge.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
PBCCRCPassGuardEdge.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
PBCCRCPassGuardX.exe
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
PBCCRCPassGuardX.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
PBCCRCPassGuardXInput.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
PBCCRCPassGuardXInput.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
PBCCRCPassGuardXInputService.exe
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
PBCCRCPassGuardXInputService.exe
Resource
win10v2004-20241007-en
General
-
Target
PBCCRCPassGuardX.exe
-
Size
1.0MB
-
MD5
52e22babfbfaf59f14859e175856115d
-
SHA1
45dc92d8fc7f3aba824be0f0519c2844506a5960
-
SHA256
7fa6544460b039457311bb310882c84801efa6c535e5ea360948803deb90c0e1
-
SHA512
796568eae06ed17a81c7a36d392b8fd03ddbd76d746564f91a6d395fc8245453c1f574fc448d3cec93710abcc6c2e113c2df62fa4facd7b6676d7036855310bf
-
SSDEEP
24576:GLPh4AjgcRov+reCJUcvVvCAyuHsJVvUwr+II6:GLPh4DjCeCDvF1lw56y
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language PBCCRCPassGuardX.exe