10949c5054baed3b6f652bb44ca1cd6474ca0e8c5a2ef21fde3beb7445562de2

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 13:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

10949c5054baed3b6f652bb44ca1cd6474ca0e8c5a2ef21fde3beb7445562de2.exe
Size

10.9MB
MD5

32db6f0229986d136a3a968201579466
SHA1

f92d268c24cc3a9b2b29beddee261122896b14a8
SHA256

10949c5054baed3b6f652bb44ca1cd6474ca0e8c5a2ef21fde3beb7445562de2
SHA512

36dcda2af2a88cfc3a89aefe149962bac29e6162ff1506af262b8b4021e8bf394cdf1b3a16286f7542e78e310870c46687d12327ce5eb8897b97205ecffb7433
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	10949c5054baed3b6f652bb44ca1cd6474ca0e8c5a2ef21fde3beb7445562de2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1780	10949c5054baed3b6f652bb44ca1cd6474ca0e8c5a2ef21fde3beb7445562de2.exe

C:\Users\Admin\AppData\Local\Temp\10949c5054baed3b6f652bb44ca1cd6474ca0e8c5a2ef21fde3beb7445562de2.exe
"C:\Users\Admin\AppData\Local\Temp\10949c5054baed3b6f652bb44ca1cd6474ca0e8c5a2ef21fde3beb7445562de2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
edad81cb9504005196d3e168bdbf8540

SHA1
a0041061623596ef2f184b28ffe193312081fc2b

SHA256
2f8049195bb08af78c6c3f817a2825027bc2ebca497a7c11fad82c3d52d2b9ef

SHA512
70dabce70f48817d98de64eadca16310bec263118ef41e10e6fe159d4e5e0d2af544d23181c7d5809070a628a6c77c73c936e6567c7dab92e6baf53b294fb9d2

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
3f99dd222cfb689e2aa81ab5e42e6211

SHA1
8845f8942ae17d0e4954cf70cdbd370099aa6137

SHA256
8fe5d4ce9cae92655c75746028acdf6b253bb3184cf9a5a77cc9013fe7ccdc43

SHA512
d1768f6bce7d71837d17e9fafc5627f873818804367592ded5ce79ab24b0c3a24895335fb4c5fcb37a9acc1451bf4950062b0b79be73c576af5cd4dccdcc0bd0

Download Submit