62184c3cadb6b6d243b43674c1697739ab830df831dbe6a44dbc13b7f3549f47

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62184c3cadb6b6d243b43674c1697739ab830df831dbe6a44dbc13b7f3549f47.exe
Size

10.9MB
MD5

1ff6418794f6a0807175d0b997271d59
SHA1

b38354d7471f2f9ca3a53219177a4710f988dc84
SHA256

62184c3cadb6b6d243b43674c1697739ab830df831dbe6a44dbc13b7f3549f47
SHA512

8757610c23e9153a7d2f0a1b307d897be828f28f48625d13d08abcdd8040020f84aa7e5464498922a10e074f3b05767bd252ab416781655f1b95dfd0ee34cf19
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	62184c3cadb6b6d243b43674c1697739ab830df831dbe6a44dbc13b7f3549f47.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4544	62184c3cadb6b6d243b43674c1697739ab830df831dbe6a44dbc13b7f3549f47.exe

C:\Users\Admin\AppData\Local\Temp\62184c3cadb6b6d243b43674c1697739ab830df831dbe6a44dbc13b7f3549f47.exe
"C:\Users\Admin\AppData\Local\Temp\62184c3cadb6b6d243b43674c1697739ab830df831dbe6a44dbc13b7f3549f47.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
ac7472e64d0b8f46f6a4eab7a980fd19

SHA1
9cbf8915799beb17161777ea072a20e6eae47504

SHA256
6f1c9dc191e2e830ff1f78dd5ed7aa90c1acc89c8ac7fc1d9e9e47c7a6b34b15

SHA512
bf787ef6a862f39ac4e5f65542763859fb201808e1632e27463d08a0aa91b0ac15f2b93422632411b0a34068af22fe7ab145116c5a7e36480a76aeee5e0df2b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
c57692a030218c14db2f314eb89dfb6e

SHA1
210781f56c3240bc46a8ad26611f9e7dc184f303

SHA256
9473c67929c35aabadec3e5bf6dd0b2ebf71dff94bae177d7b50f311c27162f8

SHA512
d71f9b3fa9b5e0dd60bf645baddc9f9a953cd8dab8ff0aac33d7f3c32d95b67bac159ea991f0f9b1dc9f3d94de2106551e15c97df5d5400b7796c5c94b74f001

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
4777fb406da05bb2264f98a5a88db524

SHA1
f2c2091c517a04ddc7fa51cf2719f956aeb68552

SHA256
f4f1b91de064b6cf47ff9cbfe08047ea9bb71dc27812eed34e08a1bafb3bae09

SHA512
fe500e933e1dd6684f5d02206eddb6a74c6ef111d226ed6ca9f926482d4109da58d3cb232eb7c55e2d3d18e0d09916b01f559c08512328766ce5bc4c334ecae5

Download Submit