0e6dc61eef774aaaf2688f2d1052089d0740c9e9d80cc9d877b1b6cb6b94a68c

Analysis

max time kernel
86s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
29-01-2025 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ispell/wabmig.exe
Size

65KB
MD5

ad6081f6434a2e186e49f64c069cd8bf
SHA1

698495aefe64d3afebee4f035ac39a505c5e60ed
SHA256

7e3b061a41ab3bf3f6f6a701148e50769e1208abab70235b85e1cf0e929729e1
SHA512

45f8f07cf333ca1ace8aacfe7ec464995df3e54308f8ab1796058b5c16b89da0988f56586bbebaea5fd60e3031e45d1a25c5bb7694201d452d680d6762eb9c5d
SSDEEP

768:MZFy13ejz6OV99VwhCnQeTF4Fs5p4+2KW0s20Uibyx:MZsgRQeTF4A3WBVUue

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wabmig.exe

C:\Users\Admin\AppData\Local\Temp\ispell\wabmig.exe
"C:\Users\Admin\AppData\Local\Temp\ispell\wabmig.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads