d9b75aaaf6f407be048ee1bcbbb8d5028a77d75cd365cdd3ed272d0c19404476

Analysis

max time kernel
110s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9b75aaaf6f407be048ee1bcbbb8d5028a77d75cd365cdd3ed272d0c19404476N.exe
Size

140KB
MD5

0698fb0cbfed6a8719f3b779fcfbd7a0
SHA1

10b950e5566001831ba31d97618a4befb6fcf04f
SHA256

d9b75aaaf6f407be048ee1bcbbb8d5028a77d75cd365cdd3ed272d0c19404476
SHA512

ee636121fc5425e6016c66af588d37eb43a784413ceeefa31958c004d92c4c06b9f260b964631585e452e5c267fce4bbb5d3c53c0d4b5791679fce070f3dda81
SSDEEP

3072:hs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/B/Fnncrd5971c:hDeM7iNEkgiOb31k1EC9Jy5J

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d9b75aaaf6f407be048ee1bcbbb8d5028a77d75cd365cdd3ed272d0c19404476N.exe

C:\Users\Admin\AppData\Local\Temp\d9b75aaaf6f407be048ee1bcbbb8d5028a77d75cd365cdd3ed272d0c19404476N.exe
"C:\Users\Admin\AppData\Local\Temp\d9b75aaaf6f407be048ee1bcbbb8d5028a77d75cd365cdd3ed272d0c19404476N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-Xs3kFV76RyQ9hyLf.exe

Filesize
140KB

MD5
ad00eb527214dfd00ab3aa03ac2b0b08

SHA1
24d0310683d7144591d232267e479b6e937decfc

SHA256
2a6891a3afcabf5eab0826ed0b9ca3f8cb54bf8059d0fa98c4ab789515df0dd1

SHA512
fce795d4890d24e06574f247aebbb76c3ed9c1cebfd41cee71359cbc63723150875eb51abe2b04d3a2b206d5f0a43a002970bd2ffd51701f27853b2affe0263a

Download Submit
memory/3184-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3184-7-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3184-14-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3184-21-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download