c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe
Size

10.9MB
MD5

ce2ffc5cd1537f6e70abe24c46be5b8e
SHA1

c8c35c325cc26243bfe5348ab3ac4c5deba15568
SHA256

c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea
SHA512

41df386d0cb7b34b16194e86f06dbee5ed722528aec74932a63d9f85a856a99295e3b6fef94304ec32c09325f1f01a91ed331fbe8e685f8a3c824509efaef505
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1168	c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe

C:\Users\Admin\AppData\Local\Temp\c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe
"C:\Users\Admin\AppData\Local\Temp\c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
beedc3543c484eb7b224e4fd2b1a991d

SHA1
d5eb61f03695c17788b99527a5da31b01d7a1c98

SHA256
ea18836f58fdbb5b60929fc45b3d2960dafdfc9ddcd873576240f9430bf4a46b

SHA512
a6551cb88cae7e999c0b02234a9d85cb4f9855acf1566199a79d1df60d3d438ff490aba5715154d8f09a93375db221112a1733e44cdc67c2d0c9b8f44228512f

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
a246c05ac5c975c47c2db812c5505641

SHA1
24d073bd84c19ac08c17940fcfbe459b95a2ece5

SHA256
fa74289c5b73239c2089ae41ba1bdaaac5bbb1f06cf93e4004576f891e847863

SHA512
d867b85f75fffb906842914778a7f01d83eea218d59d2cd0cb06e565a7db2afb19884833b56468138e3c491b6b79537d2ef45652bef22d93684599a5dc6a24ee

Download Submit