63f66c8c25bd326511fed28aaf214e602c85c2f7793a47cfd5e0f38842a6b86d

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/01/2025, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63f66c8c25bd326511fed28aaf214e602c85c2f7793a47cfd5e0f38842a6b86d.exe
Size

481KB
MD5

3b2dfefa045f3257002ad8313e5d9db2
SHA1

48b70b309dc15e419112e09c48c93145b6634019
SHA256

63f66c8c25bd326511fed28aaf214e602c85c2f7793a47cfd5e0f38842a6b86d
SHA512

ada39e1f3cba0c6307062eaeebd1b9ac53d57ee5195ba1c645f3d4b03dc3cb1e24c0c4dfc9a7d4e042981cd5561f9a5a2b55ad3e5df9b4efa74cf7e5eedea58a
SSDEEP

12288:L9PgP3HAMwIGjY4vce6lnBthn5HSRVMf139F5woxr+IwtHwBtFhCsvZD5W+P32:Z43HfwIGYMcn5PJrZw+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	63f66c8c25bd326511fed28aaf214e602c85c2f7793a47cfd5e0f38842a6b86d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2508	63f66c8c25bd326511fed28aaf214e602c85c2f7793a47cfd5e0f38842a6b86d.exe

C:\Users\Admin\AppData\Local\Temp\63f66c8c25bd326511fed28aaf214e602c85c2f7793a47cfd5e0f38842a6b86d.exe
"C:\Users\Admin\AppData\Local\Temp\63f66c8c25bd326511fed28aaf214e602c85c2f7793a47cfd5e0f38842a6b86d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\remcos\logs.dat

Filesize
144B

MD5
28a4b75fb4b63e99502729d3d9447d9a

SHA1
2683dfb3415f279c416d7bc6233140e20952c2df

SHA256
2de23d3481d6d67c55baa98aa1e82b334cfa677d72671c3670631b45338e56c7

SHA512
bd676ea81ccf8f9aaf1a7efea53850833ba38f8a673321875b3027cc7a242ccf17a94c05218f6f98f9d84df596bc422cf3466a031c80a06d92adb4236379ce22

Download Submit