5d351c814603279e3923154a29861d0f8bc9d0b66716025bfa5f22071c977f06

Analysis

max time kernel
94s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d351c814603279e3923154a29861d0f8bc9d0b66716025bfa5f22071c977f06.exe
Size

10.9MB
MD5

b17e9cfd6f8c199e488b2110e45da8a9
SHA1

da0dd0062a4979fd161d3585c08434f1b633adaf
SHA256

5d351c814603279e3923154a29861d0f8bc9d0b66716025bfa5f22071c977f06
SHA512

9707bc8f9df067dbe2f50d5ba01ce9f1581da5a056029603b114eac995e0cec42e8f370874316b5c5145758422b62e5786c06d639c318417e96a8a85fb42317f
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5d351c814603279e3923154a29861d0f8bc9d0b66716025bfa5f22071c977f06.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2216	5d351c814603279e3923154a29861d0f8bc9d0b66716025bfa5f22071c977f06.exe

C:\Users\Admin\AppData\Local\Temp\5d351c814603279e3923154a29861d0f8bc9d0b66716025bfa5f22071c977f06.exe
"C:\Users\Admin\AppData\Local\Temp\5d351c814603279e3923154a29861d0f8bc9d0b66716025bfa5f22071c977f06.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
03a309d0a0ca4a9119ebe6c4a82efaf5

SHA1
f7c1707c1fb45833eb337c0fc30a15e4df7767ed

SHA256
985f98daed882cec79b2535782e7ae48a10909bdbb6fc2309b679d1edb94bad8

SHA512
2dd408ca0dcc7b660a73f0413d6eb2a1737f812f056ffbdef261591dddb992325288e6961d8582f50fe67cd3ca3ab9abb99eaaa24214add5538cb3f22296bf3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
5cd10ef0f6e8855c23fc26c95a1744dc

SHA1
8f86a9aa1df471b67491cbc47a8109fdd4410d8b

SHA256
0eda479db828b51974593b49879c29f2edb25bfc350a0f99c7ae0f7c14db13fd

SHA512
eea30d38d266ff9e9169516a5dce805a6608ecebeed43bd4ccf067f016fb2b857d3d8f2e266a86a87eab33eb250d6cf766d5d046905bf37ef83c0cb738ec7211

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
7c6c9d1319057878b48ef59b1cec46a0

SHA1
dfc2b63fda54d9ed1b2cd4bab3da5ab7ed405340

SHA256
7418e244a896d2b9dfef91c1254dc64455112913d914736b319c89d1aa803e7d

SHA512
47b0fe827da0de1d149919131158650f106c81f31342ead15cac8d868f5d437e6c221f25ca6d4b972b400d526d14e791454d0dba1a3d2c16f5331f31c6c74e9d

Download Submit