c858e10e29b769ca86445ba1bebdf708e88245da4e96c4afc967818e8293e099

Analysis

max time kernel
437s
max time network
1160s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-12-2024 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UDP.exe
Size

31KB
MD5

161f6beec09cd33d710f8f97365ee6f6
SHA1

9c408d1b53a1d03e8c7a3f85e050870f3d9a741f
SHA256

f73a89b6a5c42d21ee4f7a4d79ad784cdfd896bbe2453b60cf9688786f7a9d98
SHA512

e9f2afd6ad8216fa0f34cca29ba4d8753a03b187f4e9c29a0607e9b2ad932b788cb9a75db54df0db522e2a20d54a12992ed2396f40f06ab8cd76a89bcbf1e6be
SSDEEP

384:+ubvs5ed2wcTZr5bDDOp61lpHwdkJAqJDPHYM:hshb9r5b3Op8lVbJTJwM

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UDP.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1656	UDP.exe
1656	UDP.exe

C:\Users\Admin\AppData\Local\Temp\UDP.exe
"C:\Users\Admin\AppData\Local\Temp\UDP.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1656-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download