fd84148426c6188c0bdec2e66d1f4fda9392342adb0c225d64aaacce24ce8653

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 03:31

Target

helper[1].exe_.exe
Size

504KB
MD5

2599225a023f4d4c7e8d7f3361236615
SHA1

9a265bae87e87f01e1b17f02801f39c87da0c1bc
SHA256

d54e3bd3d6532cd9b1c0e66f8148063ae5889c0a76bc04876f3c32e3b58f1cb9
SHA512

d237976c619e05caf9dcdb7fae0d14acd5c34e3d3f47767bfcd3ba087cbe3b57b3ae159211a7a882446b8eed5ca956e72f71907a92950c68d142bdc7b136ece3
SSDEEP

12288:j3nZMhJ+ubNmzoOoTc5Bvt3AsRMoS9VqoQXeVQAoOPpE18zvV:j3nZqfbkzQTMJy9goQOV7P218zvV

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

helper[1].exe_.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language helper[1].exe_.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	helper[1].exe_.exe

C:\Users\Admin\AppData\Local\Temp\helper[1].exe_.exe
"C:\Users\Admin\AppData\Local\Temp\helper[1].exe_.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2344

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact