99e10e5b9cb36d1c54816ef6ce4359663b47c110a194d3498f23deb53916ca0d

Analysis

max time kernel
96s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xFire.exe
Size

536KB
MD5

34bf62f4c02887b3cd14a9c544453b3c
SHA1

4f7e75966250feb111f6eef46f1430b0d7215443
SHA256

75a80f7c5069cd46ff67a5a3806ed8ba81a83cbeab3d7b3db02cd4101d693888
SHA512

2ac97e52cf388b44a3311b5f130c3188684a05db8ed4ad3eedb7d3758b2ccd5ff2f083c2d18332076b9a3b92abc5ac1e3bacc372f2abd8041a76aff605952279
SSDEEP

3072:7BxC6V1Lp4YMoMq4DQUC7pCslWg6BcafQf1WiFozuhs+BvvP+sBfcRFa5Ku//Ko1:7PJBNPfgKOiK4Kr9Ss3sPC

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xFire.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4048	xFire.exe
4048	xFire.exe
4048	xFire.exe

C:\Users\Admin\AppData\Local\Temp\xFire.exe
"C:\Users\Admin\AppData\Local\Temp\xFire.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads