5015af8fb5725c4c9ebac28a890128587b888acddab6cc9ff06e94e782713882

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 03:39

Target

uacbypass.exe
Size

24KB
MD5

d469a87f9b996a9f898f437a72668d11
SHA1

f63f8f8fad87bd53d5ec3d5365952d4f84b1781c
SHA256

8c1fb2fe36a122f0c47b8bda438dfa69395587ca459823b7cb88e167cf3e9605
SHA512

3e9fb5f519225bcd4e7b3e86ba54ded9794cc2c6d760f21fd2d02f7045e918dd7d54ed5a24c7d6e61acebc27a6d3dd6419f80e90b8dfdfadf1fe9a29611b87b5
SSDEEP

192:ALKf4my3ssAnktY67AN3BwQbqVx9XA3TzbXun2DYVFkakH9Dqy8RN6cE7H5s4HnL:+/18s1tvHAqVDSDYBkdOJb67BHnFp

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

uacbypass.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language uacbypass.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	uacbypass.exe

C:\Users\Admin\AppData\Local\Temp\uacbypass.exe
"C:\Users\Admin\AppData\Local\Temp\uacbypass.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1444

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact