9e364ccf2384a19973de23c0b730e50a84a250f915e09253e77740baa69eb9bb

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-11-2024 09:20

Target

Bin1799/Plugins/GetPswd32.exe
Size

731KB
MD5

6d17bb7e8958d4927296261af95b4cd3
SHA1

1f598160904b136c8b2ac4cf9a0f2aa7358ab861
SHA256

59f9bb49b41f3206b60b4d479000bf9fff7ef73fb1fda55b2eb13231482c8c22
SHA512

c58f2abdc50c33c37534730502ae09df39a0e7d3ae9cd38dfd16d363e4f0e80e6b0193eb44b61bdf8cfa9ebae221d3bdb9a47a6efb9a393dd1360296c1a12f1e
SSDEEP

12288:Gh3/4Ec7oDbB1iU5nF3c9HGNKrH0wOv+zRjhva+yLnXKlXh2:G2Ec7CL5F3zKrHvOv+zL4Ln6v2

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

GetPswd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GetPswd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GetPswd32.exe

C:\Users\Admin\AppData\Local\Temp\Bin1799\Plugins\GetPswd32.exe
"C:\Users\Admin\AppData\Local\Temp\Bin1799\Plugins\GetPswd32.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2128

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact