f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1

Analysis

max time kernel
132s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1.exe
Size

10.9MB
MD5

d21622d84030a646840a0a8874868018
SHA1

fd2a5e9e2a8b8219cefd47f0e701ae4ffee559d1
SHA256

f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1
SHA512

c0f629c0f6d9987dc8ada7d5672edb9f0d223ca440c108d6d62ef792456ac78f1fcf672481dd8fb4b6978fb9ae763b748339d96d4b6f6379493f5d72b42ef8f4
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4900	f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1.exe

C:\Users\Admin\AppData\Local\Temp\f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1.exe
"C:\Users\Admin\AppData\Local\Temp\f6ada81249df9d342c0c351e256f4f184b5cfaef1dbcf172bc783f6ac46fa6f1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
af2a1591cabb7454d489e64744522b5f

SHA1
b9d3584f867007d503d9222407c8bccf7bbd2cb6

SHA256
3f373e2a51646ef06f98bad55d7479bfb18a45b4fa8d1410e9e0f43eb1ae1ba1

SHA512
e02c3eb754d70c531fce558b915f16470f47d90d8d60b1d1ec2993081a3369380d6947bbb93e8b15f8c52b087b21b53565c3db8ca076d112c790c43a24f41823

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
250269cca51bf38f53ca3f6d34d4f2b7

SHA1
25ef8f6f8caa4fb6336e13192ec7fb46cdcf5dbe

SHA256
416e4ec0aaf39a37985fb83df48eba14448ad5a5b490e79bb0f9beaf19f54edb

SHA512
53f187c7c74b4208e3edf01f5038f0ef47d7af58d782bb311a1a8ff116e38589c8fd6b58d5e4c9cca3d19c35bee6e50a98486c425e793da6d6e4ac4df9ad1c9a

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
a6e41142d1956b68b12b42f1fac92c85

SHA1
7aa441a92a0d625aff9de4dee63e09d4f1999be1

SHA256
edf5b2e4fdd0497208d3eb19bcdc44ba7b24a4b14643ca1979356cf2c2c3ac72

SHA512
fdb1105c299bcd89b5995238b7c70b6f1f3826535b9414e0fa098365e0c911baa7c3beba6ed59f0409d32d01cbd720bb8f0a3871c47b4fdf2c38d588975ce17e

Download Submit