76586617f0f0492574ede863dd8b661f0da7ae3342e5d61f6d68dd6d7a37342f

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GNU/astyle.exe
Size

116KB
MD5

0d52a634dd4e6612002f2d0163a49856
SHA1

0f0d8c1c22a361ba1b24d6bd585873ffbc472558
SHA256

677e086b163a4e5201468b90f5910e9c119bc92c0bd1d41e50f8acfcd54d4dbd
SHA512

9899d95f6c09bccb446372b8e01e1b120fa063d69b31502bc74cd4c91f1c3a9db4eee4c42442150ceb2345d6e1f6debc0d3d5cd83f45bba57ffcfc1a15bd5bbe
SSDEEP

3072:WN8DtH/CtB1ocY45O+I+Sfer2GeOji+g6DuOU4:WN8CoUI/eI+g6DuOU4

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	astyle.exe

C:\Users\Admin\AppData\Local\Temp\GNU\astyle.exe
"C:\Users\Admin\AppData\Local\Temp\GNU\astyle.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads