cf754789d9d9576007265ee391fd0ec02ba8fdb8877402ae3fba9d9918c0bbec

Analysis

max time kernel
110s
max time network
98s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/01/2025, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf754789d9d9576007265ee391fd0ec02ba8fdb8877402ae3fba9d9918c0bbecN.exe
Size

139KB
MD5

e6cb444f80909238ae04aba3056a6670
SHA1

cbcf3ae66f840b67365b93b30a8cabf3c1dea900
SHA256

cf754789d9d9576007265ee391fd0ec02ba8fdb8877402ae3fba9d9918c0bbec
SHA512

f51eb5ed116310830c5c5fce11bc3f88a2230d3750897ca962c627653bc547f9f5735f7a98eb984d6f40ce9754ca32ef3a15dbbda3a23108cea94c8092196806
SSDEEP

3072:hs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/Z/Fnncr5:hDeM7iNEkgiOb31k1ECFJq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cf754789d9d9576007265ee391fd0ec02ba8fdb8877402ae3fba9d9918c0bbecN.exe

C:\Users\Admin\AppData\Local\Temp\cf754789d9d9576007265ee391fd0ec02ba8fdb8877402ae3fba9d9918c0bbecN.exe
"C:\Users\Admin\AppData\Local\Temp\cf754789d9d9576007265ee391fd0ec02ba8fdb8877402ae3fba9d9918c0bbecN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-pewiwIvjkRhatWAu.exe

Filesize
139KB

MD5
8067d16e139102f4af05fe3dfa6779f1

SHA1
d1237c35553e0a83af64928637c1272d2cb7a789

SHA256
7b14c0270e40d3b7ccd6ccc2ffce4c07fff03e9412084b5b180ac968f55046d1

SHA512
ab143a95098b9dc007fab68ab16ab7e2f3517b7f3c80e30cd76cd0018ec5efa6b75584c8a91636b6d7e9c6837da6e719aeae6995d77e7abed5a67377281b78ff

Download Submit
memory/2368-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2368-7-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2368-14-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2368-21-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download