acb311ea9ee1068d37e11d526dcfaa4c7cb044bc5a64a14eea68f3622455e40c

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acb311ea9ee1068d37e11d526dcfaa4c7cb044bc5a64a14eea68f3622455e40c.exe
Size

3.6MB
MD5

1c81761aa6d6b3713624fd9db865a142
SHA1

e69d4036421fcad4941b676ca91513c0bab22957
SHA256

acb311ea9ee1068d37e11d526dcfaa4c7cb044bc5a64a14eea68f3622455e40c
SHA512

ac1a74040528217fbedbd4db95771464610f72036f1ebd0dd82ff038c8bf05f076171777119e4f17a4e0ff5a98016d56c82a27aa3ec5f7ee9e3d3fa8bacd67ac
SSDEEP

98304:85o8B/WB4mv4DiUFKDGn1NvIAhq852jJeksKN0L/2tzvO:KfI46JUF9n1NAA9MjJeksk0CvO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

acb311ea9ee1068d37e11d526dcfaa4c7cb044bc5a64a14eea68f3622455e40c.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acb311ea9ee1068d37e11d526dcfaa4c7cb044bc5a64a14eea68f3622455e40c.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

acb311ea9ee1068d37e11d526dcfaa4c7cb044bc5a64a14eea68f3622455e40c.exe

pid	process
2344	acb311ea9ee1068d37e11d526dcfaa4c7cb044bc5a64a14eea68f3622455e40c.exe
2344	acb311ea9ee1068d37e11d526dcfaa4c7cb044bc5a64a14eea68f3622455e40c.exe

C:\Users\Admin\AppData\Local\Temp\acb311ea9ee1068d37e11d526dcfaa4c7cb044bc5a64a14eea68f3622455e40c.exe
"C:\Users\Admin\AppData\Local\Temp\acb311ea9ee1068d37e11d526dcfaa4c7cb044bc5a64a14eea68f3622455e40c.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2344-0-0x0000000000400000-0x00000000007C6000-memory.dmp

Filesize
3.8MB

Download
memory/2344-1-0x0000000000400000-0x00000000007C6000-memory.dmp

Filesize
3.8MB

Download
memory/2344-2-0x00000000023B0000-0x0000000002706000-memory.dmp

Filesize
3.3MB

Download
memory/2344-3-0x00000000023B0000-0x0000000002706000-memory.dmp

Filesize
3.3MB

Download
memory/2344-5-0x00000000023B0000-0x0000000002706000-memory.dmp

Filesize
3.3MB

Download
memory/2344-4-0x00000000023B0000-0x0000000002706000-memory.dmp

Filesize
3.3MB

Download
memory/2344-6-0x0000000000400000-0x00000000007C6000-memory.dmp

Filesize
3.8MB

Download
memory/2344-7-0x00000000023B0000-0x0000000002706000-memory.dmp

Filesize
3.3MB

Download