81a3ca264eaf16203e588f1e99967dc86144ff510b6e05de5aa90921e2239a9d

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81a3ca264eaf16203e588f1e99967dc86144ff510b6e05de5aa90921e2239a9d.exe
Size

481KB
MD5

202a804d870f67ed1559f1b19836727e
SHA1

be5732cba197589977699d88d18983a529f9129d
SHA256

81a3ca264eaf16203e588f1e99967dc86144ff510b6e05de5aa90921e2239a9d
SHA512

b28be59454cd19bc310b481c1262b9fa367f8b8bca0a4fd3909ad80fe40636a9bb4e45ea2ea4c15a4736ec4c4b3113af3b5bc8a114ee4a0a2931a9c34c660586
SSDEEP

12288:3uD09AUkNIGBYYv4eK13x13nZHSRVMf139F5wIB7+IwtHwBtVxbesvZDS2+DY:q09AfNIEYsunZvZ19Z5s

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	81a3ca264eaf16203e588f1e99967dc86144ff510b6e05de5aa90921e2239a9d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
808	81a3ca264eaf16203e588f1e99967dc86144ff510b6e05de5aa90921e2239a9d.exe

C:\Users\Admin\AppData\Local\Temp\81a3ca264eaf16203e588f1e99967dc86144ff510b6e05de5aa90921e2239a9d.exe
"C:\Users\Admin\AppData\Local\Temp\81a3ca264eaf16203e588f1e99967dc86144ff510b6e05de5aa90921e2239a9d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\remcos\logs.dat

Filesize
144B

MD5
e33f7ba0a1df27742123d1fa8835c079

SHA1
ae0e1413ddd6ca4710e588312100dd96a0b97b7b

SHA256
98a3a05ddc5d539e7a1c4792858f002e04469f46469d61923a5364e15fe38557

SHA512
a8a429a02e372a0f0501d81f0efc02ce0c815140bcfdfbf06aca8165890f73f20f9953a0fe9dce12c37b466edb1be17afd572d75633a7049885e59ee9b4ebe2f

Download Submit