3fb7e450fb27d6139419ad4783679247066f28f8940e62e0d10b4b1045cace9f

Analysis

max time kernel
95s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 20:23

Target

3fb7e450fb27d6139419ad4783679247066f28f8940e62e0d10b4b1045cace9f.exe
Size

168KB
MD5

7f753d39fa1d4bbb709b2f01475760a1
SHA1

33c277c9d3806f5989968d3862ec5556d5fe0360
SHA256

3fb7e450fb27d6139419ad4783679247066f28f8940e62e0d10b4b1045cace9f
SHA512

0b481a12ba23288781d5524782992f269fa683f07b6feda12b506f948d9bdeb8bdb3432ab423e2d111240d7f5cc3da2d7a833aa82da81455be266bfe4897a56e
SSDEEP

3072:KhJVcjA/9m3CdyY7MHxBA1e3bMcCQ7PKQkvQgMvvPlaQNL/5AR:KBSWyWMHXAwrMcCs2UMQNLq

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3fb7e450fb27d6139419ad4783679247066f28f8940e62e0d10b4b1045cace9f.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4780	3fb7e450fb27d6139419ad4783679247066f28f8940e62e0d10b4b1045cace9f.exe
4780	3fb7e450fb27d6139419ad4783679247066f28f8940e62e0d10b4b1045cace9f.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/4780-0-0x00000000017C0000-0x0000000001B0A000-memory.dmp

Filesize
3.3MB

Download
memory/4780-1-0x00000000017C0000-0x0000000001B0A000-memory.dmp

Filesize
3.3MB

Download