Analysis
-
max time kernel
0s -
max time network
1s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
submitted
30/03/2025, 20:22
Static task
static1
Behavioral task
behavioral1
Sample
972af59b414ad2c048db81d3cccc144163a98208db6a020fa430271c7886f377.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
972af59b414ad2c048db81d3cccc144163a98208db6a020fa430271c7886f377.exe
Resource
win10v2004-20250314-en
General
-
Target
972af59b414ad2c048db81d3cccc144163a98208db6a020fa430271c7886f377.exe
-
Size
372KB
-
MD5
1a3f75090e940358a474761a9a730b63
-
SHA1
5b09d4ad7e002e51a5151118b7cecb2eec16c36d
-
SHA256
972af59b414ad2c048db81d3cccc144163a98208db6a020fa430271c7886f377
-
SHA512
68f8651f8b44fdf483f582d71eb0f8011190475dd84f52fa13ccad4c5f631d727a9eeeef36b38d3f6c194aca823e3a9fa7cce1c4f23b5837f501f47926ed56f0
-
SSDEEP
6144:tHdgUkQx+HXGidCzj8LBb8Rw5Jdypyf6aCXYfhiue:t9qQx+H2i+8LBNbdypazCXYI
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 972af59b414ad2c048db81d3cccc144163a98208db6a020fa430271c7886f377.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid: 2788
Process: 972af59b414ad2c048db81d3cccc144163a98208db6a020fa430271c7886f377.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\972af59b414ad2c048db81d3cccc144163a98208db6a020fa430271c7886f377.exe "C:\Users\Admin\AppData\Local\Temp\972af59b414ad2c048db81d3cccc144163a98208db6a020fa430271c7886f377.exe" 1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2788 -
C:\Users\Admin\AppData\Local\Temp\972af59b414ad2c048db81d3cccc144163a98208db6a020fa430271c7886f377.exe "C:\Users\Admin\AppData\Local\Temp\972af59b414ad2c048db81d3cccc144163a98208db6a020fa430271c7886f377.exe" 2⤵ PID:1948
-
C:\Users\Admin\AppData\Local\Temp\hab.exe "C:\Users\Admin\AppData\Local\Temp\hab.exe" 3⤵ PID:2248
-
C:\Users\Admin\AppData\Local\Temp\hab.exe "C:\Users\Admin\AppData\Local\Temp\hab.exe" 4⤵ PID:2964
Network
MITRE ATT&CK Enterprise v15
Downloads