350bda369f2ba99b05a7a9ea7a8fa4044420e4678430e6c8b14954e9b49a48e2

Analysis

max time kernel
120s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2025 10:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

350bda369f2ba99b05a7a9ea7a8fa4044420e4678430e6c8b14954e9b49a48e2.exe
Size

482KB
MD5

5b3f3d323d4c7b793b8814f8a1b8109d
SHA1

b0a879d04895f334cc3d0c5147d1acefd6d93773
SHA256

350bda369f2ba99b05a7a9ea7a8fa4044420e4678430e6c8b14954e9b49a48e2
SHA512

d12c5581177ce961b410d0c86861f343ca78e1c5730c8e31bb80699f4ebb14d6f230ef07dcbc35eba1593dcb5102d5a53d6a4d304894b5a88b53bdcfafdcbc3c
SSDEEP

12288:N13ak/mBXTG4/1v08KI7ZnMEF76JqmsvZQMSq:Hak/mBXTV/R0nEF76gFZHl

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	350bda369f2ba99b05a7a9ea7a8fa4044420e4678430e6c8b14954e9b49a48e2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3296	350bda369f2ba99b05a7a9ea7a8fa4044420e4678430e6c8b14954e9b49a48e2.exe

C:\Users\Admin\AppData\Local\Temp\350bda369f2ba99b05a7a9ea7a8fa4044420e4678430e6c8b14954e9b49a48e2.exe
"C:\Users\Admin\AppData\Local\Temp\350bda369f2ba99b05a7a9ea7a8fa4044420e4678430e6c8b14954e9b49a48e2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\remcos\logs.dat

Filesize
144B

MD5
396ec78c3d4e1a3c274f7ccee5166962

SHA1
d141a08a755794dab5a7a465ccbd97bf29c0296c

SHA256
6db59888ec57eb6ded7f3762de60ac19bc87369263d57e396ae19fe519d95bfe

SHA512
16983fe27264933e57471a671da3933464d12e8eef11f9c9e4d0f94711e30d5c8b4d5c3254f19f8dda3f48e4a8648864afaec4a21126fae214453d51b64e4a55

Download Submit