28c63badc7f7d71d2d1f0944e2320552d60580bf4b8b6e2d7bca6b238a15bd3e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28c63badc7f7d71d2d1f0944e2320552d60580bf4b8b6e2d7bca6b238a15bd3e.exe
Size

3.2MB
MD5

acbff8c298542fbdd5600744c41c3a92
SHA1

2b85f2583146de4d838c004a33386e7901c36913
SHA256

28c63badc7f7d71d2d1f0944e2320552d60580bf4b8b6e2d7bca6b238a15bd3e
SHA512

905d4f8c5dee46175a20a9eff1b915c557b5ca343e7d0830542cf4e84bbac27fc7b71a07574ccbee443e0db5e3c1d64aebe81e2da2d577c65b86ff9f8efe92cc
SSDEEP

98304:XAKKVaiOHFwiGpDPcgMqpfP65NJpUrZtnsV2E/d:N0fTN9cyy5NJSxsV/d

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2680	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	28c63badc7f7d71d2d1f0944e2320552d60580bf4b8b6e2d7bca6b238a15bd3e.exe

C:\Users\Admin\AppData\Local\Temp\28c63badc7f7d71d2d1f0944e2320552d60580bf4b8b6e2d7bca6b238a15bd3e.exe
"C:\Users\Admin\AppData\Local\Temp\28c63badc7f7d71d2d1f0944e2320552d60580bf4b8b6e2d7bca6b238a15bd3e.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2840
- C:\Users\Admin\AppData\Local\Temp\7zS81B3DCF6\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS81B3DCF6\setup.exe --server-tracking-blob=OTcwYWUwYjY3NGNhNjYwNTNiMTZlMmIxZjhmNGRiMzUwZmU1NjY2YjUyNzE1YTZiYmViZjA2NTg1OGNiNzBjZjp7ImNvdW50cnkiOiJKUCIsImVkaXRpb24iOiJzdGQtMSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL2JpcnRoamVhbnMuaWN1LyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0hLX01WUl9ERF8zNjYxJnV0bV9pZD1iZjEwZjk1ZmVlZGE0MzY4YmIwYzc3ODk2NmEyMGZiZiZ1dG1fY29udGVudD0zNjYxXzEwMDQwNjIiLCJ0aW1lc3RhbXAiOiIxNzMyMDM0NzU1LjgzMjIiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTMxLjAuMC4wIFNhZmFyaS81MzcuMzYgRWRnLzEzMS4wLjAuMCIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9IS19NVlJfRERfMzY2MSIsImNvbnRlbnQiOiIzNjYxXzEwMDQwNjIiLCJpZCI6ImJmMTBmOTVmZWVkYTQzNjhiYjBjNzc4OTY2YTIwZmJmIiwibWVkaXVtIjoicGEiLCJzb3VyY2UiOiJQV05nYW1lcyJ9LCJ1dWlkIjoiZjg1ZDJkNGQtOGIzMy00NTdiLThlNmEtMjczOTA2MTMwNzE0In0=
  2⤵
  - Executes dropped EXE
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS81B3DCF6\setup.exe

Filesize
6.5MB

MD5
a16e857704e7635dde8cd009062b2aae

SHA1
677a0463e9af29ba2d450e6312b250ac627adb24

SHA256
f4a67d808955567da2212a980afaa0bdc003ed2c5be4017781e3985a63fa0c68

SHA512
0f933d04534212d35c2a691c440662508ce81c7c091c9ce0198640859421d3099546475b91289a2459454e67c4b9e8989f799a9a1c2579d1c935cdc8edf31a16

Download Submit