b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1

Analysis

max time kernel
1564s
max time network
1581s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
13-12-2024 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The-MALWARE-Repo-master/Worm/Netres.a.exe
Size

372KB
MD5

d543f8d2644b09445d9bc4a8a4b1a8c0
SHA1

72a7b4fb767c47f15280c053fba80de1e44d7173
SHA256

1c0e2b7981ffa9e86185b7a7aac93f13629d92d8f58769569483202b3a926ce5
SHA512

9cd77db4a1fe1f0ec7779151714371c21ed798091d9022cec6643c79b2f3c87554a0b7f01c4014e59d0d1a131922a801413d37236ef1c49506f8e1aa5b96e167
SSDEEP

6144:YEo6WDhsj7atyB3FATvzOdy9uyEP4TpDaO5pHCclI0SCVsMHAiBq2R:IzDhmatywCdy9uxPI75C0VVsUBq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Netres.a.exe

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Worm\Netres.a.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Worm\Netres.a.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\v1.log

Filesize
479B

MD5
e3cf0bd528678e1d7b4d12dea4626494

SHA1
9c9eb80976c7e8699edac848ee81f0cef521ed4e

SHA256
7b709fd0681caf97c46261df9424fe20db5edc0c7f6a6388358264c617d748a0

SHA512
6a85c622ee85c9925420d74ebb1d0f9ad8c1d3536e41abcc150386f6f65c99e00382c40335ee61e80b0299c8ea0d68f358c5c2fca8d50be4d3140a6532ea8eb6

Download Submit
C:\v1.log

Filesize
697B

MD5
0b1712e6d20be23e0f5ecb11e90e001e

SHA1
e0f532a803546877cf68152a8ccb22623939b6e9

SHA256
24766676a4110d83f2ee8a44af2807698560c27b78f1e54f0495a604f03ab108

SHA512
e1c59624d4ea08e0b18db5a19980c0e93a9564b057aaa3639a662afd001ddd160444b0fc6499a69543276f0ded49f53bce7996966cc2fe2ce566e55714c6cbc6

Download Submit
memory/4220-0-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/4220-16-0x0000000051000000-0x0000000051064000-memory.dmp

Filesize
400KB

Download
memory/4220-17-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/4220-26-0x0000000051000000-0x0000000051064000-memory.dmp

Filesize
400KB

Download