c255a3e69cfb60a03e36708b75ccdf5eb46ffdcb6090b8796e3e9eb2e96e33a9

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c255a3e69cfb60a03e36708b75ccdf5eb46ffdcb6090b8796e3e9eb2e96e33a9.exe
Size

99.2MB
MD5

59952be960e9658afdc275a0c92f26f5
SHA1

5465a06562889a3914cfd8fdfec8f24f9d153df0
SHA256

c255a3e69cfb60a03e36708b75ccdf5eb46ffdcb6090b8796e3e9eb2e96e33a9
SHA512

bc4e48bfd66d45019d2d49eb60d141dfb2f0ef59b7c8cdeeb983f95b1c482ce8878c930b835a3b5346e6ea333a9aca560196270f88725e36534931536155d367
SSDEEP

98304:8IZUB34/i89qCiMUQxk3MkoqRVwreOhj0t9NddXdOayXK1p:tKwLqlboqRVwrei0tDHXk

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c255a3e69cfb60a03e36708b75ccdf5eb46ffdcb6090b8796e3e9eb2e96e33a9.exe

C:\Users\Admin\AppData\Local\Temp\c255a3e69cfb60a03e36708b75ccdf5eb46ffdcb6090b8796e3e9eb2e96e33a9.exe
"C:\Users\Admin\AppData\Local\Temp\c255a3e69cfb60a03e36708b75ccdf5eb46ffdcb6090b8796e3e9eb2e96e33a9.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4180-0-0x00000000093D0000-0x00000000093D1000-memory.dmp

Filesize
4KB

Download
memory/4180-1-0x00000000009F1000-0x00000000009F2000-memory.dmp

Filesize
4KB

Download
memory/4180-2-0x00000000009E0000-0x0000000006D9C000-memory.dmp

Filesize
99.7MB

Download
memory/4180-4-0x00000000093D0000-0x00000000093D1000-memory.dmp

Filesize
4KB

Download
memory/4180-3-0x00000000009E0000-0x0000000006D9C000-memory.dmp

Filesize
99.7MB

Download