Added new test to T1614.001 "Discover System Language by Windows API … (#2857)

* Added new test to T1614.001 "Discover System Language by Windows API Query"

* Fixed indentation on line 139. Added input arguments

* Fixed indentation on line 126

* Added markdown formatting.

* Added C# source code as requested

* Removed input arguments because not arguments are supported.

* Updated exe output

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

atomics/T1614.001/T1614.001.yaml

@@ -114,3 +114,26 @@ atomic_tests:
     elevation_required: true
     command: |
       dism.exe /online /Get-Intl
+- name: Discover System Language by Windows API Query
+  description: |
+    This test executes a custom script called LanguageKeyboardLayout.exe which outputs the values of the following Windows API functions to the user terminal: 
+
+    `GetKeyboardLayout`, `GetKeyboardLayoutList`, `GetUserDefaultUILanguage`, `GetSystemDefaultUILanguage`, `GetUserDefaultLangID`.
+
+    Documentation for these functions is located [here](https://learn.microsoft.com/en-us/windows/win32/api/winuser/).    
+  supported_platforms:
+  - windows
+  dependency_executor_name: powershell
+  dependencies:
+  - description: |
+      LanguageKeyboardLayout.exe must exist on disk (default location: PathToAtomicsFolder\..\ExternalPayloads\LanguageKeyboardLayout.exe)
+    prereq_command: |
+      if (Test-Path "PathToAtomicsFolder\..\ExternalPayloads\LanguageKeyboardLayout.exe") {exit 0} else {exit 1}
+    get_prereq_command: |
+      New-Item -Type Directory (split-path "PathToAtomicsFolder\..\ExternalPayloads\LanguageKeyboardLayout.exe") -ErrorAction Ignore | Out-Null
+      Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1614.001/bin/LanguageKeyboardLayout.exe" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\LanguageKeyboardLayout.exe"
+  executor:
+    name: command_prompt
+    elevation_required: false
+    command: |
+      PathToAtomicsFolder\..\ExternalPayloads\LanguageKeyboardLayout.exe

atomics/T1614.001/src/LanguageKeyboardLayout.cs

@@ -0,0 +1,67 @@
+using System;
+using System.Runtime.InteropServices;
+
+class Program
+{
+    // Import the necessary Windows functions from user32.dll and kernel32.dll
+    [DllImport("user32.dll")]
+    static extern int GetKeyboardLayoutList(int nBuff, IntPtr[] lpList);
+
+    [DllImport("user32.dll")]
+    static extern IntPtr GetKeyboardLayout(uint idThread);
+
+    [DllImport("kernel32.dll")]
+    static extern uint GetUserDefaultUILanguage();
+
+    [DllImport("kernel32.dll")]
+    static extern uint GetSystemDefaultUILanguage();
+
+    [DllImport("kernel32.dll")]
+    static extern uint GetUserDefaultLangID();
+
+    [DllImport("kernel32.dll")]
+    static extern uint GetCurrentThreadId();
+
+    static void Main(string[] args)
+    {
+    
+        // Get and display the active keyboard layout
+        IntPtr activeLayout = GetKeyboardLayout(GetCurrentThreadId());
+        string output = "\nActive Keyboard Layout (Function: GetKeyboardLayout):\n";
+        output += "---------------------------------------------------\n";
+        output += activeLayout.ToString("x8") + "\n";
+    
+        // Get and display keyboard layouts
+        int numberOfLayouts = GetKeyboardLayoutList(0, null);
+        IntPtr[] layoutList = new IntPtr[numberOfLayouts];
+        GetKeyboardLayoutList(numberOfLayouts, layoutList);
+
+        output += "\nDetected Keyboard Layouts (Function: GetKeyboardLayoutList):\n";
+        output += "-----------------------------------------------------------\n";
+        foreach (var layout in layoutList)
+        {
+            output += layout.ToString("x8") + "\n";
+        }
+
+        // Get and display user default UI language
+        uint userDefaultUILanguage = GetUserDefaultUILanguage();
+        output += "\nUser Default UI Language (Function: GetUserDefaultUILanguage):\n";
+        output += "-------------------------------------------------------------\n";
+        output += userDefaultUILanguage.ToString("x8") + "\n";
+
+        // Get and display system default UI language
+        uint systemDefaultUILanguage = GetSystemDefaultUILanguage();
+        output += "\nSystem Default UI Language (Function: GetSystemDefaultUILanguage):\n";
+        output += "-----------------------------------------------------------------\n";
+        output += systemDefaultUILanguage.ToString("x8") + "\n";
+
+        // Get and display user default language ID
+        uint userDefaultLangID = GetUserDefaultLangID();
+        output += "\nUser Default Language ID (Function: GetUserDefaultLangID):\n";
+        output += "---------------------------------------------------------\n";
+        output += userDefaultLangID.ToString("x8") + "\n";
+
+        // Write to the console
+        Console.WriteLine(output);
+    }
+}