c55f121f6ad19064795e1d8c705ffe8fd4911ad01c50717faf26812159c212e6

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c55f121f6ad19064795e1d8c705ffe8fd4911ad01c50717faf26812159c212e6.exe
Size

482KB
MD5

25ccd7fc23571e481680cbaf00c4fbb4
SHA1

6ee31b0fec023ffc52ef7219a105466c727d8273
SHA256

c55f121f6ad19064795e1d8c705ffe8fd4911ad01c50717faf26812159c212e6
SHA512

25f030d943cf6a3f7475d3f00436d0cbd282de966d87cd3322b2332fb2a4be045b0d6246ed417627faede441807571c1c12c6fe3a057a21c677ab733147c81ae
SSDEEP

12288:FuD09AUkNIGBYYv4eK13x13nZHSRVMf139F5wIB7+IwtHwBtVxbesvZDS2+DY:o09AfNIEYsunZvZ19ZFs

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c55f121f6ad19064795e1d8c705ffe8fd4911ad01c50717faf26812159c212e6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1716	c55f121f6ad19064795e1d8c705ffe8fd4911ad01c50717faf26812159c212e6.exe

C:\Users\Admin\AppData\Local\Temp\c55f121f6ad19064795e1d8c705ffe8fd4911ad01c50717faf26812159c212e6.exe
"C:\Users\Admin\AppData\Local\Temp\c55f121f6ad19064795e1d8c705ffe8fd4911ad01c50717faf26812159c212e6.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\xnxx\loss.dat

Filesize
144B

MD5
a0e5d06d05dfd6cabc20c43fb6a02402

SHA1
83c866e23739565f2b8b63e7f7619dfd0716e874

SHA256
009bf3c1c84b74a7724f7d142385730fb7ff50c9f9153400adce1d20eb9987d9

SHA512
dbbe1665f2d6fa5fcd041056f7dcbaeb98732d8c0d58fd6d092af49b13dc6a7389dd8e2d65e180059dd20a856f42933a9007189df4884f979e3dccc444025af7

Download Submit