a4c1acddc904e5d7721cb2625337406ad14372a15be9084d931da6cf7feda226

Analysis

max time kernel
129s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4c1acddc904e5d7721cb2625337406ad14372a15be9084d931da6cf7feda226.exe
Size

10.8MB
MD5

ac388eb3acc7a3143c49583b184271c2
SHA1

bccfcd3ac74cf60afec06b7c643c8187248ba819
SHA256

a4c1acddc904e5d7721cb2625337406ad14372a15be9084d931da6cf7feda226
SHA512

0195c5a4b097317b178431a3a70e006aa77def49a6072ed452552085d9b3b9ece772754c5967c9c92616fec54f782880b7680322b92e7bf88329d26b430aca94
SSDEEP

196608:ylWW9DrFSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ylWO5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a4c1acddc904e5d7721cb2625337406ad14372a15be9084d931da6cf7feda226.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3240	a4c1acddc904e5d7721cb2625337406ad14372a15be9084d931da6cf7feda226.exe

C:\Users\Admin\AppData\Local\Temp\a4c1acddc904e5d7721cb2625337406ad14372a15be9084d931da6cf7feda226.exe
"C:\Users\Admin\AppData\Local\Temp\a4c1acddc904e5d7721cb2625337406ad14372a15be9084d931da6cf7feda226.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
56a1c485afa813e967a4546e5dd11dcf

SHA1
446ef6475765c16a702ab502489dba78f27b8edb

SHA256
bf8f9446983db00a6b88d0d292ba2bae749bc49f847e599b5a4bdf939d137907

SHA512
1dbcc76610b6357702d36c0ced1f899022c8472f25a7a72d8aa3700288acce8c21b3705b83fe6e332ef023ac490a65aae46c8ebdacd9c932d00641d61946b42c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
cd57cdbda4d56fb46fcaa8ce0056a8aa

SHA1
290df175e4650d3e387b6b21559e95333e77fd5b

SHA256
cb9b42d47e1f8ea029a7ae600036678ffee2d148d76c1c06b5796728048bd646

SHA512
287e6c1f3ff2667a30c395c0dfc2cf4dd8b3138154b2c2bb9f3cc62aa7822e18a1f3468b3f93969f6ee5957185700ef591de07d932715b4db67fb8a82f98b77c

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
17ab021c22de579ee05cfe5904516fa8

SHA1
f8a042a5548564092eaad0c45d5620967a9557c6

SHA256
a0ce654f13b4eb804a3b3d6440dfbcf8441fb75c59a7be548bde7dde75c38677

SHA512
6e3beddba78463182c5fe99d616bfdd57b8a8734891d6d193c51cd3ce61ba125bac570f65e20ca95a352af25ce46e5b8fef6726fe699990fcb44c346a17852ea

Download Submit