a6f4cb43f5c981bd2487070b54f120657c5035bee380039573b2cecd78842e8a

Analysis

max time kernel
147s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6f4cb43f5c981bd2487070b54f120657c5035bee380039573b2cecd78842e8a.exe
Size

468KB
MD5

e55f17492192ff23fadd5e76d777f5c4
SHA1

789dd857137ac5dd0e2b8d5adb8749c925c2dfe4
SHA256

a6f4cb43f5c981bd2487070b54f120657c5035bee380039573b2cecd78842e8a
SHA512

df9ed1f7c210258ca5ab56eed0d9ea266d7c6f53bd08f469b7860714176b85cd5dcf2168639b46be2c591d3aea1dc8e6f2cc597fb72a5933487bc69d4403c177
SSDEEP

3072:hDDKowLNjy8U6bYPfzsjYf5/lhAoIpBhmHeAVXxC0rXX2INlZlk:hDmoILU6kfwjYfx0VaC0zGINl

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a6f4cb43f5c981bd2487070b54f120657c5035bee380039573b2cecd78842e8a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2264	a6f4cb43f5c981bd2487070b54f120657c5035bee380039573b2cecd78842e8a.exe

C:\Users\Admin\AppData\Local\Temp\a6f4cb43f5c981bd2487070b54f120657c5035bee380039573b2cecd78842e8a.exe
"C:\Users\Admin\AppData\Local\Temp\a6f4cb43f5c981bd2487070b54f120657c5035bee380039573b2cecd78842e8a.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-65073.exe

Filesize
468KB

MD5
85d188b21ca9db27cc26097938e1a2a3

SHA1
cf95532f64f1d48c936b362a44154eeffe8f6d20

SHA256
b5f3dee9e662005b4dff859542e02da679f9100de57f697bb75472ee1497a6fd

SHA512
01e66f4449cafc291e3ad0cd434ef9629d1858c21d5697eec5ed98cdbdf4ce2a117ac6977dfa67fbe8eff9c629ee387a40c47dc6188bf3c17c65493afc8496ca

Download Submit
memory/2264-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-29-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download