b497ae4e48e97c04cebe2d1951472e0fdcb46b24d7ed7083a7571ecc3ac24f9d

Resubmissions

09/01/2025, 21:48

250109-1n5lfsskf1 10

09/01/2025, 21:32

250109-1dl2cstnhr 10

Analysis

max time kernel
900s
max time network
409s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2025, 21:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Tiny v0.2/Tiny.exe
Size

618KB
MD5

b9f7f125066c414f71fb9b805879a4cf
SHA1

e7a5ea344304f289029d031b012a680b689aa7d1
SHA256

d944181cf3c1dc7b02d30d4802d491a99f42a181446ce1be7710724541210c7d
SHA512

4bd845189e56aaa0ff55a321372ff7b3ab6cf68a272787371c014f70831eca56d6b03365a4f8589b1f3b55a083c8d908e9cb9f6167ac868113354d9ca436433f
SSDEEP

12288:ILEddxz9C1r0twaY0lmJZdwA8mRARNC+y9ErlfSu:KE/XFA4pAARNCvulfSu

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tiny.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe
1048	Tiny.exe

C:\Users\Admin\AppData\Local\Temp\Tiny v0.2\Tiny.exe
"C:\Users\Admin\AppData\Local\Temp\Tiny v0.2\Tiny.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1048-0-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1048-1-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/1048-2-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1048-25-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download