f55c0e2f2fea4f73039b163e4f76b1a332e0dd3e72b4564d29cc9f2dce792e60

Analysis

max time kernel
95s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f55c0e2f2fea4f73039b163e4f76b1a332e0dd3e72b4564d29cc9f2dce792e60.exe
Size

7.8MB
MD5

62c0bca226555f8d80b2c84a22b486cc
SHA1

0b38ba7242bb1b738bb22756495b88332d098535
SHA256

f55c0e2f2fea4f73039b163e4f76b1a332e0dd3e72b4564d29cc9f2dce792e60
SHA512

58a6424544edeb932235952fa4c85fbbe586b85fa98b90b0b397e7bb58c7f1dd8080b93e658e1afa6da133dae4fc888a152b8b67cbdfd947118298d2f190d36a
SSDEEP

196608:rw9aZUXJ4Yj4rN01H76df1llsc1Cg9CQ7/v:hrN01H76df1llTUG

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f55c0e2f2fea4f73039b163e4f76b1a332e0dd3e72b4564d29cc9f2dce792e60.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
828	f55c0e2f2fea4f73039b163e4f76b1a332e0dd3e72b4564d29cc9f2dce792e60.exe
828	f55c0e2f2fea4f73039b163e4f76b1a332e0dd3e72b4564d29cc9f2dce792e60.exe

C:\Users\Admin\AppData\Local\Temp\f55c0e2f2fea4f73039b163e4f76b1a332e0dd3e72b4564d29cc9f2dce792e60.exe
"C:\Users\Admin\AppData\Local\Temp\f55c0e2f2fea4f73039b163e4f76b1a332e0dd3e72b4564d29cc9f2dce792e60.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\µÇÂ¼Æ÷ÅäÖÃÎÄ¼þ\µÇÂ¼Æ÷ÎÄ¼þ.ini

Filesize
100B

MD5
c4c3e779ba6e39d24e5159e3a789f0aa

SHA1
34b94c0bcaa41bd2de4b52db74b12d1628a6b0e7

SHA256
b978f3c836ded7514e386f701cd41c4eb778d37347ee793855c9b53842a707f7

SHA512
39ccf4c714f98c41cf105729543f3704c15767333e2f140868d142068656b3f15998367b396f776f1280d9e416b741dbc45b4dc999c102271ee9ad92b4ba209a

Download Submit