be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/01/2025, 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
Size

481KB
MD5

50dd6e5820551b0f7dd7f8b627595213
SHA1

05d3291e0ae3774b52c2b0cd3e402c71c635d003
SHA256

be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5
SHA512

a40bfa8ac20af5e959bb804c9de22453a20c818a3e05fff8345510fe8e97eebb941b53500aa0189b248b492e06155e9bc82950ce74db168656bc6924babe58a6
SSDEEP

12288:713ak/mBXTG4/1v08KI7ZnMEF76JqmsvZQDS:hak/mBXTV/R0nEF76gFZc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
632	be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe

C:\Users\Admin\AppData\Local\Temp\be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe
"C:\Users\Admin\AppData\Local\Temp\be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\remcos\logs.dat

Filesize
184B

MD5
cf329dc63915797fe3c064cfa0b482d2

SHA1
bee37da3fcfe191e799e63a748beb6a1776235b4

SHA256
724b8913a8ed52112422e3bd1d94005d6e98951a25ddc9852d941c583791f1f3

SHA512
0f55adfa62de0277888adfa20149068fe85314097f960461167ad842916bf18eedea9ba457e9b80f33a1a3df82151fce461a74932a42aeb04154188cd34ad2ef

Download Submit