57a0f733bd1d7a1bf7390dea745ad0ef52b70e2ff677118c038c11b58177ca86

Analysis

max time kernel
118s
max time network
155s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57a0f733bd1d7a1bf7390dea745ad0ef52b70e2ff677118c038c11b58177ca86.exe
Size

10.8MB
MD5

3ce79de8229d22a272224d7d887f4cf9
SHA1

a1dbddd9fcfbfde57688a80a94bb6ac486087705
SHA256

57a0f733bd1d7a1bf7390dea745ad0ef52b70e2ff677118c038c11b58177ca86
SHA512

514b1dceca1dabd2d1bbd7869941b569b81ee0d23ec05993ecee811702465ec35bf00064410030a88e9cb052a514263999f3ade5a9cb9b79cc241e8c6a8e6fbe
SSDEEP

196608:ylWW9DrFSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ylWO5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	57a0f733bd1d7a1bf7390dea745ad0ef52b70e2ff677118c038c11b58177ca86.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2800	57a0f733bd1d7a1bf7390dea745ad0ef52b70e2ff677118c038c11b58177ca86.exe

C:\Users\Admin\AppData\Local\Temp\57a0f733bd1d7a1bf7390dea745ad0ef52b70e2ff677118c038c11b58177ca86.exe
"C:\Users\Admin\AppData\Local\Temp\57a0f733bd1d7a1bf7390dea745ad0ef52b70e2ff677118c038c11b58177ca86.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
6c8665ea8ba4da0eb1605b4171b0a33a

SHA1
389c81ee038347c5f8bae052ee8e96b483933ca2

SHA256
3c7248929ea0e9281aec79e67bdc98b9fa79d73b7d1a93cc59def34212dba6c5

SHA512
da61bff64e190eb53ae455efa0c61ffe70c90a26784083f27494b9a5da73386998e4946802ceec4518dd697c442322b5f1cc4f3d39d1917e44e915129e52a228

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
0296416d586d834f0506f6fbf9e20464

SHA1
31149d0b5ca8b2d518b670acd348e04b544bbbd3

SHA256
093cf32f5d2b6628271bdc168312414fec9d86a5c16ab34aec88c1adf786c2c9

SHA512
eca49d906e15fbb6721ca2bc39992238732c5340d265bfe948859667e840943978a4ad32ae4c3afe55d7aa6c4ebfe768bb4085d249a64af30284b64503a90bf2

Download Submit