f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1.exe
Size

10.9MB
MD5

d21622d84030a646840a0a8874868018
SHA1

fd2a5e9e2a8b8219cefd47f0e701ae4ffee559d1
SHA256

f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1
SHA512

c0f629c0f6d9987dc8ada7d5672edb9f0d223ca440c108d6d62ef792456ac78f1fcf672481dd8fb4b6978fb9ae763b748339d96d4b6f6379493f5d72b42ef8f4
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1500	f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1.exe

C:\Users\Admin\AppData\Local\Temp\f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1.exe
"C:\Users\Admin\AppData\Local\Temp\f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
dc489d281ba6ab097c8ead439d6242c5

SHA1
19a5a64f1d6dba209e415354f05957d838c422e1

SHA256
9ddffa3943ba2b5b6bef4534e839a944dd75e3167634d12671c3860b3f5668b7

SHA512
ab441b19754320f39500421993cda8e5db84c9011f19fc8909413a2b1f07b8c17711ef726fcd302890233a3419802aed10139712d7bf6e3308b33a89d158ffb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
26debf870b59572bfd49f7358625d790

SHA1
26aba6c0501838c616c50a809b4d38f9315b7d50

SHA256
05f88c560f577554a3ffc6483f75df691bc99b0ef5666104c572f2edd5756e10

SHA512
ea28a54c651b9ab12544d01071278eff2703c7a7b1f0857a64d36f9c512415775a8fead82a77c55e16363ab955ac7966d2f1e0e53272b8fb510aebe7039b5dca

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
8e3d9d90d77cce72aa8a993b8ab83881

SHA1
eb008d1db8525076cfad2e4e100d477839dfb291

SHA256
42f5ff6d866bf37c493b14018543eb53c740f3ea11651d1dc407c31a5eb1e7db

SHA512
a2b2dff4892df4eb3ed5cad46f61eb6fb81fdb2e2494809e94f881e984ddc19616307aba594c1062beaaa3b6cfef1d3086315e58dbdd625d72cb660cafda8e9d

Download Submit