73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 01:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe
Size

10.8MB
MD5

7919871201d642cc75ddd2768adc76bf
SHA1

675c47287e55caac42234162d3d9f221041f0e23
SHA256

73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773
SHA512

b3bb0e298563daccfda9fb7b17a7a99fb1ce1cd17f486c34e6c8b16b6c51675ceb1ea7a131cd301a9588ad48327a48aa15ae3ac401a91365cfb22f22ebdc6d49
SSDEEP

196608:ylWW9DrFSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ylWO5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5000	73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe

C:\Users\Admin\AppData\Local\Temp\73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe
"C:\Users\Admin\AppData\Local\Temp\73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
50ff2538457476517d77325de39218f8

SHA1
d59dd0af89d69dfa8a9de60020c8b640ffbc97f4

SHA256
e5de01c0ba2caea608ae835eaa351f2a03e2c2f2610363cf08ff3002bd2c3bb6

SHA512
9bf0cc104a6bd4e06c647ac4fab1616ea78854fbc28382c39d3758aabb535d2e37e337108ae4853adf1b1615ff0100beadb0ae7e3a705080079bdecdfd1c80d5

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
534c0634ea6c840b8ade68f3c62f3d52

SHA1
ff5535d905235089246654b235a48410a3cbb1f8

SHA256
3f1ace24f7d19eebde53321b3a94ae3b1cc044fd3600e8f5809e1aea475f8f2d

SHA512
f83d47050fd6be66fd39576f0727d7a54025846dea490bf5e6236ef77c60e06dd220d89b29b527e521713727ac925e68b9d7f1f7a95e83a84c638c2192c18006

Download Submit