87e1f0d9f8af4200a255a8cbc40c0090adf7564269eeca7b4854344b077d2bc3

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/12/2024, 00:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VenxHub NFA Tool.exe
Size

3.5MB
MD5

5c23fcf12fc44082d8d146f313c33dc7
SHA1

7efa4e9c89feeeea3145c08553ecbb0d98e26974
SHA256

87e1f0d9f8af4200a255a8cbc40c0090adf7564269eeca7b4854344b077d2bc3
SHA512

07a208f3b1174d0744fe6514f99abd7c1088cdfaab8af1e0b6299547771bc924430f80f61150be3af9a9a45dd6fa14684f6099df77b35ce6c801e5577de81f33
SSDEEP

49152:eYy53dgucgciQLJ/MzV47Zb/9BPABDaccgX8owpoFkqXfd+/9At5Dt48anoL5:Gwulch/eV4d2MgXzwYkqXf0FMG8WoL

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VenxHub NFA Tool.exe

C:\Users\Admin\AppData\Local\Temp\VenxHub NFA Tool.exe
"C:\Users\Admin\AppData\Local\Temp\VenxHub NFA Tool.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/576-0-0x0000000074CBE000-0x0000000074CBF000-memory.dmp

Filesize
4KB

Download
memory/576-1-0x0000000000E40000-0x00000000011C6000-memory.dmp

Filesize
3.5MB

Download
memory/576-2-0x0000000074CB0000-0x000000007539E000-memory.dmp

Filesize
6.9MB

Download
memory/576-3-0x0000000004E80000-0x0000000004FF6000-memory.dmp

Filesize
1.5MB

Download
memory/576-4-0x0000000000550000-0x0000000000582000-memory.dmp

Filesize
200KB

Download
memory/576-5-0x00000000061B0000-0x0000000006262000-memory.dmp

Filesize
712KB

Download
memory/576-6-0x0000000074CB0000-0x000000007539E000-memory.dmp

Filesize
6.9MB

Download
memory/576-7-0x0000000074CB0000-0x000000007539E000-memory.dmp

Filesize
6.9MB

Download
memory/576-8-0x0000000074CBE000-0x0000000074CBF000-memory.dmp

Filesize
4KB

Download
memory/576-9-0x0000000074CB0000-0x000000007539E000-memory.dmp

Filesize
6.9MB

Download