51b3773145652b5d559396a08e1282a3a1d92d4df473f774d61791386fca0598

Analysis

max time kernel
314s
max time network
320s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 03:09

Target

c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe
Size

26KB
MD5

01a18db18af5cd780eab9bbadd881e8c
SHA1

36728334c4d1bb927310e0f1268b3890f2bd2457
SHA256

c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0
SHA512

ea81c1340b8ddbd9a6e796ddb5b18e55c575ac974dcf66ad40ff188f85ae630fe68fa58c2bddd0aef859b5e3ea31b01ed2ee025c49d06e7a6053bb469de0dffe
SSDEEP

384:fyHccS+efqM7e5at0CdiSw+L0mNBrJKJ0wmQVrIUzf0tWqPWNnokwkwAetW:KHJkqM7eERYSw6ZTwHFIUAsqm

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

Processes:

c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe

C:\Users\Admin\AppData\Local\Temp\c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe
"C:\Users\Admin\AppData\Local\Temp\c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3024

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/3024-0-0x000000007447E000-0x000000007447F000-memory.dmp

Filesize
4KB

Download
memory/3024-1-0x0000000001010000-0x000000000101C000-memory.dmp

Filesize
48KB

Download
memory/3024-2-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/3024-3-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/3024-4-0x000000007447E000-0x000000007447F000-memory.dmp

Filesize
4KB

Download
memory/3024-5-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/3024-6-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/3024-7-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/3024-8-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download