f86e5130086d2f9b1df14a23b04537499c118f086d59bff31bb0e2b98c9efc85

Analysis

max time kernel
138s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 09:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f86e5130086d2f9b1df14a23b04537499c118f086d59bff31bb0e2b98c9efc85.exe
Size

10.9MB
MD5

48d16ba3dd99d145440e9fa4dd8aab96
SHA1

67599ff231110a5b8ba3e9c85b9f47dec8a587b4
SHA256

f86e5130086d2f9b1df14a23b04537499c118f086d59bff31bb0e2b98c9efc85
SHA512

0df7388a1e2ee98c60906414a42e2199c62784ca7f46147c3001c25502c3a51d6b6557ae4d09a2e33ab32ab5c707cbb26991dfb11a88589934bcd9cf3f6d362e
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f86e5130086d2f9b1df14a23b04537499c118f086d59bff31bb0e2b98c9efc85.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4208	f86e5130086d2f9b1df14a23b04537499c118f086d59bff31bb0e2b98c9efc85.exe

C:\Users\Admin\AppData\Local\Temp\f86e5130086d2f9b1df14a23b04537499c118f086d59bff31bb0e2b98c9efc85.exe
"C:\Users\Admin\AppData\Local\Temp\f86e5130086d2f9b1df14a23b04537499c118f086d59bff31bb0e2b98c9efc85.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
2472edfd8982f1f40c29edd09aa291d8

SHA1
373d0de12133a555ff7bdb5b50701faefc2d6bdf

SHA256
bc5095aff8883cbc74e67af4798b8d0204bbb6a8e48fde720abce6626a800fcb

SHA512
73cc6d181b47bdc9644348972a58391837e34eefa2878e72136b88e72171fd324ac70d586ad8f93d2025b59a1b2520903dfd17ab285b6bc41ba82051e5e660d5

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
dd89f7b050daa96cc1d10596edbf3a42

SHA1
41a10dfd07ed0d939ab5b6b04d94ab3e1e064950

SHA256
ece6f3046bcdbcc54fa79863516ba37714736e05684a3138e232da210414870a

SHA512
5f7631cd20aa11c97b3ddfbda1d6cc0be0b00e5ceb8aa54cef42822ff7b78cebcf17ee30931eb66456095d82e63456ef0d4439ad7a7ab7c5faba10a057b07c35

Download Submit