de48d1e8c6365adfb4d9f13e48ece30856dd8a72a2313876e2a72201617b538c

Analysis

max time kernel
136s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de48d1e8c6365adfb4d9f13e48ece30856dd8a72a2313876e2a72201617b538c.exe
Size

10.9MB
MD5

bb95c5bef7b9c405870539de88180aa7
SHA1

e127215c8fee64533df4b6919ce5450360e9922f
SHA256

de48d1e8c6365adfb4d9f13e48ece30856dd8a72a2313876e2a72201617b538c
SHA512

c6cef1c3a43dccdf06fbae100be3f4126ec065cd90201d3445d57746d4bb269b3169b398d73abb4a6de7752da13441e5806713ade4e55d4642ffc8b40dc95ff8
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	de48d1e8c6365adfb4d9f13e48ece30856dd8a72a2313876e2a72201617b538c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2432	de48d1e8c6365adfb4d9f13e48ece30856dd8a72a2313876e2a72201617b538c.exe

C:\Users\Admin\AppData\Local\Temp\de48d1e8c6365adfb4d9f13e48ece30856dd8a72a2313876e2a72201617b538c.exe
"C:\Users\Admin\AppData\Local\Temp\de48d1e8c6365adfb4d9f13e48ece30856dd8a72a2313876e2a72201617b538c.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
de79ee23b7bda33629bb10d16ae47f1f

SHA1
adde644b2519cb7c7634cf6613bbc2d8a15b43f7

SHA256
4e1597c2301550d5121b5c4fe30d3ff58cf90a5261e8bac3c645854522972414

SHA512
eb32cd42742496913d25e22fdfe45a640c8dac6703a8e1725aefe6b3a5f6a601e5ad48fc1c8ce9c749d05e4fdc5c9b220a084d0de9768dbe56d3e62bf9e35a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
34e2c8b6d6f59242a36983e377d285e1

SHA1
7f00de68e54bbd743200cb38e9d2ccadfe628782

SHA256
1dffe8696863b69b86ec215199da930697b02ff604bc284d04d7fcd33d3f3b5c

SHA512
2d47a0ea9a914377540b7162c4d5c90191a75f6448f751b6b36cf8126de09f5a1db8296d5797e7cd097b80ba401029f3259ad0606b3d9160fe12b27601b5a80e

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
45bca71d766a002cdad41428b83c41fe

SHA1
651d570ae5ec89bf8e20e8cc91b00f38107c85ba

SHA256
de982f4d9f3de5aeb7b452572ca6ce752dd5c47e76dc3a643f4d3060993a086d

SHA512
86cde61a2a89615db473cacb55387bb845733dd37e9c6bf6e81872e2093d7c35030e9c6a9c1f013873f591e90cd4b84b684b5d28da9106499fad5bd01fd3dd3c

Download Submit