c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414

Analysis

max time kernel
147s
max time network
155s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 14:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414.exe
Size

10.8MB
MD5

5925b9f09a7800a690ae7da8625a6477
SHA1

57019b266f7ecaeeeb38add4feaca7beac3dcffc
SHA256

c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414
SHA512

34903850cce477615d56a40377e286dd9ad045b518d0239433b4ed749e45955464fcbb12e6386443d91dbb3b51e53d9f134e9b2f8c17b59f824eb666668001e2
SSDEEP

196608:+z601ktxfSSSJ7PbDdh0HtQba8z1sjzkAilU4I4:+j8S5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2088	c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414.exe

C:\Users\Admin\AppData\Local\Temp\c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414.exe
"C:\Users\Admin\AppData\Local\Temp\c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
6040e6d26b0ab701d3b16cc88cf3b8e7

SHA1
0a73f6b44f5b9e93f1e82a106ba5b80dc5a230b9

SHA256
c7183fdacfeaf3d8d734df4790f25a53d4ce6d0f035808743dd713a022c76b4b

SHA512
c17f48c335113d95e516f653e19f4f637336627f564838516b84c50332ed2412b18aeb53d0462496eb74ab7a4d58c4ecdd41154e8a7db80b5c51015bec73792a

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
4b0c63bbf131da341acb10dd19d5ee06

SHA1
201c04b159bbfc71055d9985ff591103c7dfea37

SHA256
72ae598d5034e97c7b2b4b61e241c5df2d4e8ba69dd1f9c0b527aa6393320bcd

SHA512
2842045458d785e8e7cbea9c3f82b8734388dbc50a1eb3d3f92450aa7985b9becc287504c504a5b4a3eb9b431ce13f1bccc144cca6a3bc6ce8099ea1df7f6a39

Download Submit