1aa60e99e1a78cdc167e64e85a7bc75b338767e58563c40e84b695d02a98ce2f

Analysis

max time kernel
92s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 03:18

Target

$_1_/PanoramaStudio4Pro.lrplugin/win/appPath.exe
Size

13KB
MD5

157143cd19d3f2a85e3e656ba0369221
SHA1

024902b0459ad2929470c5e29078e5a20673f27b
SHA256

edfe9e3bba7dc6f1023dd1821b339fbee5fca4caf75e3577065751825760dd58
SHA512

82a9b0352ecd3e3d38940aaac1fa3bb6cb29eb293534ab39a5b192bd50b22d22afafb0ebfe60b87efe29de162ab2e032aaac51848b964ec59d3d696a74c5d0ff
SSDEEP

192:JtfrzZ71+zuXWUSJJ9EqOPzu88TgBxe1HCjm+T8l0ijwQSBK:JtfrpEzuXWUShF8pK5+T85MQSA

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

appPath.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language appPath.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appPath.exe

C:\Users\Admin\AppData\Local\Temp\$_1_\PanoramaStudio4Pro.lrplugin\win\appPath.exe
"C:\Users\Admin\AppData\Local\Temp\$_1_\PanoramaStudio4Pro.lrplugin\win\appPath.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3060

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact