b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2024 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe
Size

10.9MB
MD5

c221ae409492c2dfaa7c19536a62056a
SHA1

b35268b0ff0911442f43e1c7ab7b5666fa19c520
SHA256

b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7
SHA512

8df588e8d9f40b1b52f35ea1265e722594537309f8cdb48d388783797ff16a6e3c81761e49f1beb72e1e7a02012d187d8808ed1bd6cdbee6f073398cd6345a0b
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1976	b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe

C:\Users\Admin\AppData\Local\Temp\b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe
"C:\Users\Admin\AppData\Local\Temp\b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
191f6084e3f236d9b615e16c6da01bd0

SHA1
1145f981e325eba9ca6cd7075cfd532316b9d21f

SHA256
9238713e793f52e5422dab385c4179cf35105e04b315489c74a2c8ed5aac457b

SHA512
1a13827e5a82014ab2c4fb30f73419fed20b33d69e2392181f1b40a20ec42a4e4416709ee0b9261e9157355a3c2f7aa92867a34103f30664b2c45bd7ec573b31

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
418e93161d8a25fe34fd182369f91e72

SHA1
5546f0ef2e838c66df9bcd92609e5dbce426ef26

SHA256
7420a70466f4f5ffd6d7ab178336fedbd0b6e58ab872bd2321fe051e57d25800

SHA512
e2f111225290582d98764f3487e747efc7c899d471aaa51dc9411702c5de9b150b69dd1a70c101200004f3e8009fdd191202a20e7f4f4022e54d9b7866ad6545

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
aa637608381f7a198c1d0106ac0866f4

SHA1
f2db0f76106524f552a5befc1942c644d4e959a0

SHA256
125178a7e301e373650508af8a39fe7cd2ba26d0a0e0091514d29419b9de1001

SHA512
e5116f223b6577e78fdc3debf8d2ca07400a46cfa453660b84d9b9211d89ce30c368eec20a57e13c643a0945e242acd3926b236f432fc70c5af0f7dae6882b64

Download Submit