fe9496a9d2cc8a79d879fc6251753dc27004a0601482b26a6924d97a4de230e0

Analysis

max time kernel
97s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe9496a9d2cc8a79d879fc6251753dc27004a0601482b26a6924d97a4de230e0.exe
Size

10.9MB
MD5

74d8e2de9595d96827de1bb4766975a0
SHA1

9b67014e1a8c9064f864ec32fa242ca94b4b27f8
SHA256

fe9496a9d2cc8a79d879fc6251753dc27004a0601482b26a6924d97a4de230e0
SHA512

a338a09e1d4b2beb77965bebaef6027543a5d125cc568ec149203f2400a81a2570d53cc315cf799cc03f79b7f5aa91135cef209c28b5fb91a010de873be3eed5
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fe9496a9d2cc8a79d879fc6251753dc27004a0601482b26a6924d97a4de230e0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
212	fe9496a9d2cc8a79d879fc6251753dc27004a0601482b26a6924d97a4de230e0.exe

C:\Users\Admin\AppData\Local\Temp\fe9496a9d2cc8a79d879fc6251753dc27004a0601482b26a6924d97a4de230e0.exe
"C:\Users\Admin\AppData\Local\Temp\fe9496a9d2cc8a79d879fc6251753dc27004a0601482b26a6924d97a4de230e0.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
c276f3b749cb48d552ebd4ce40c8a291

SHA1
c517ea2b7674ffaf450b72b7d4b3f7ae607f8938

SHA256
de552ffcfbc6d66352e6666192423b686180ad90928c651f596fa86556a1543a

SHA512
370d7d606b7332a247c513fcb5efa389ec9cf418e471705d0d4b4e87c6aae59e64bd9ed7980595817754be3bcc7171719adf5da444e1efb5333d708754b7d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
5f309918f9274e20b33d002cfb0e1504

SHA1
545b59a01722ddd3b7747ad62dcc9b914d62926a

SHA256
a1e7574b55a421dc06c5ecb8df064dd0202d367bd248d9e6b94dc67264c39079

SHA512
a40119a13397c27fd225a8ef2d7eada4f025459d6d564caee05298f7241e098f0002befac62871590f584f4502d0a6a1b51e6db410d57ca2d49c3a5cdc71a9cb

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
6822c43b114aeb55967e7080028f6922

SHA1
871be8131e1235e24ba8f66674a13eb365596f34

SHA256
91470d2fb8061fcb36e0613b052bf0879e4b77b3095531042cb283fffec5ab2e

SHA512
814211df5da3cb60131a638735d7634116a259db7336f420b9638644fca8375ca410ed7eaebfa7daf7ae14667f0a733eb5e96ba300f655e170b70417d4721bc8

Download Submit