29b963d2967085d6fac0e7048834ce02f677845639445b6af519649680e9fac4

Analysis

max time kernel
92s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2024 18:17

Target

341029725926d6ce55334f5a51dc1358.exe
Size

181KB
MD5

341029725926d6ce55334f5a51dc1358
SHA1

8f1663c10307c4ad9b6d43c748abc1c27cea2da8
SHA256

76e2040321ed7cc5ff6ced0a91b8e8546b7f9a4eab5802beb8ce137b0da48244
SHA512

6386ea5cefda66ab1bd11ae7527bdce3d5d0b6806f398583164af67a4c22ef2ebcea69f5dc9d42d6ba5c6675b56a1a82c1eca99d597992fc6de65a6c5572671b
SSDEEP

3072:LEinlOfZPvHa2FSK6vFmG6agepBvxdiNH7FO9pSg/wjzF5XXr1:rqZKMSBv83a7ppXiFFO98g/Ez

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	341029725926d6ce55334f5a51dc1358.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5032	341029725926d6ce55334f5a51dc1358.exe
5032	341029725926d6ce55334f5a51dc1358.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/5032-0-0x00000000013A0000-0x00000000016EA000-memory.dmp

Filesize
3.3MB

Download
memory/5032-1-0x00000000013A0000-0x00000000016EA000-memory.dmp

Filesize
3.3MB

Download