c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414

Analysis

max time kernel
112s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414.exe
Size

10.8MB
MD5

5925b9f09a7800a690ae7da8625a6477
SHA1

57019b266f7ecaeeeb38add4feaca7beac3dcffc
SHA256

c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414
SHA512

34903850cce477615d56a40377e286dd9ad045b518d0239433b4ed749e45955464fcbb12e6386443d91dbb3b51e53d9f134e9b2f8c17b59f824eb666668001e2
SSDEEP

196608:+z601ktxfSSSJ7PbDdh0HtQba8z1sjzkAilU4I4:+j8S5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2368	c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414.exe

C:\Users\Admin\AppData\Local\Temp\c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414.exe
"C:\Users\Admin\AppData\Local\Temp\c1804d79a9c0a681e1cf2d818d161eb8e072cc7c6c27a433e4dac2d99015f414.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
afd2b44f10ee3ff0aaf5f4cb045951d9

SHA1
39b84f8beb0a6f84406a07155386ffce0daf6877

SHA256
2c05a4eb044d959c1c1656f3ec5d48cf88d9dcfeaf33a9392ee0822ac0b06c85

SHA512
a538d2f58d68a0af89ff0160b34b825575e13e1a22e884955b80fe2d4b4a1974eb9228a6738b4f2622b75e5ee28c0e5f4a0b291262f742fb166b047b254fcd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
2b75254a42f370c191ea0df997cff494

SHA1
9e9b789adb5e5de7955544548f3c3a5762704672

SHA256
898de0528cd18a65f457638fed306d1c6c3442910fd7eb8016e3f4e97ed14caf

SHA512
4b466521cb174ebef5d8abd0778ff9154716f351c58f367e658300e87d106597393924695a5f757e583cbfb3a35b3d1f47cf773621445bf33e5a9ab5bb4dbe83

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
648147ca2affb2c5b2c49a80346c2090

SHA1
d396dc0811145f41d76de39ae1bd076a9bedcc77

SHA256
5acf4c299ec438bdd28ca5c32656a3a5aaac03d57abfdf49cd35fbe257ed314a

SHA512
5bb1f9e9585ca4036bbcba5d5a0c8882a12fa4b652bcd6373cb986c6e104404c7bb89a645738a8898ddc727e2e413333e439028f499b09eb66bc19a7b2d74841

Download Submit