b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1

Analysis

max time kernel
1562s
max time network
1570s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/12/2024, 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The-MALWARE-Repo-master/Worm/Netres.a.exe
Size

372KB
MD5

d543f8d2644b09445d9bc4a8a4b1a8c0
SHA1

72a7b4fb767c47f15280c053fba80de1e44d7173
SHA256

1c0e2b7981ffa9e86185b7a7aac93f13629d92d8f58769569483202b3a926ce5
SHA512

9cd77db4a1fe1f0ec7779151714371c21ed798091d9022cec6643c79b2f3c87554a0b7f01c4014e59d0d1a131922a801413d37236ef1c49506f8e1aa5b96e167
SSDEEP

6144:YEo6WDhsj7atyB3FATvzOdy9uyEP4TpDaO5pHCclI0SCVsMHAiBq2R:IzDhmatywCdy9uxPI75C0VVsUBq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Netres.a.exe

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Worm\Netres.a.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Worm\Netres.a.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\v1.log

Filesize
479B

MD5
0b3b280af6f3b6318769526a546e9a4c

SHA1
b0d0d5a20f2c65c07cd3ddabbe27a9df7d8102a2

SHA256
ab8e5934047dea1a5e48798cca70564bf7c4e465f2ffd196d15b23da7d21ea56

SHA512
08924be7265d066933c7caee3b1af519b14434b79ce1534f49507564fb57eabbbc2ed9f58f02915920db00cef7be96c7bb162ed2983758ef40bf842d1b4d6980

Download Submit
C:\v1.log

Filesize
1KB

MD5
061d549184f498d85b41f84ca74938ec

SHA1
ad9f0662fc053e09efd9b642d0a81bd99107c056

SHA256
c3e454d20b4cc50dd62eb830d1913b9bd736d9cf20fd080297f3fc531d091532

SHA512
7190ce051fd3c1b33c1dc61beda68b94c9292d9f50adb90eda225bd10384f5ca58cb1a0d08fb84824f98ff3cb19e63dd5f30d797527236acdca322075ee26afe

Download Submit
C:\v1.log

Filesize
235B

MD5
9837b67e06a244e2961fccbd4d323c4e

SHA1
10c2f249ec98431bfd7f604f968eb226ea0613bf

SHA256
328c916e323676aac621f071336e829495ae3b7966ed7dcab4a3b404792792ae

SHA512
10256e462a3f307dd5e0daa462b50271d7c5c7e01cda942a054c13df060f40bd59e14571d58c3adfbf4e000ecc10b0aa7f004a808a25b5478b1e0fbdd36fa655

Download Submit
memory/2068-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2068-43-0x0000000051000000-0x0000000051064000-memory.dmp

Filesize
400KB

Download