2c4034886e9bf75b878912557f5d3bcb759dbc5e87406a9d0f774fb2b2262c88

Analysis

max time kernel
94s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 19:53

Target

2c4034886e9bf75b878912557f5d3bcb759dbc5e87406a9d0f774fb2b2262c88.exe
Size

164KB
MD5

4b4d427e49d491bbc1adc12c58d4f3cb
SHA1

e81bc2f464ecd2b5320541276eb164f7b985faa3
SHA256

2c4034886e9bf75b878912557f5d3bcb759dbc5e87406a9d0f774fb2b2262c88
SHA512

81d784ff66160d97e903bad07f30db03115b9b155116d4b36534e221994029a6fda11740b7db02b3c26c281353810f4422892d4cc95f3224c512f882c4f84eae
SSDEEP

3072:sFdJPljcg5l+lhlTgMxTunY7WX49t05yGDqq36Z6PuW3w2RwQ3:ofqZkMxUmWo9t057DqqqoP/wqw+

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2c4034886e9bf75b878912557f5d3bcb759dbc5e87406a9d0f774fb2b2262c88.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3672	2c4034886e9bf75b878912557f5d3bcb759dbc5e87406a9d0f774fb2b2262c88.exe
3672	2c4034886e9bf75b878912557f5d3bcb759dbc5e87406a9d0f774fb2b2262c88.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/3672-0-0x0000000001220000-0x000000000156A000-memory.dmp

Filesize
3.3MB

Download
memory/3672-1-0x0000000001220000-0x000000000156A000-memory.dmp

Filesize
3.3MB

Download