450c975747b6b350f30ca080cc0516cac037eb4083dc6d784b3dda8baa1c2caf

Analysis

max time kernel
147s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

450c975747b6b350f30ca080cc0516cac037eb4083dc6d784b3dda8baa1c2caf.exe
Size

10.8MB
MD5

11da2e0d5e160f4beeb0ee06f9a50b0b
SHA1

19e803f59fdac7c1825ad3848f714b1b8060f2be
SHA256

450c975747b6b350f30ca080cc0516cac037eb4083dc6d784b3dda8baa1c2caf
SHA512

da86b1fb0c8cc90a0921dcc2d33c80e973f2bc57a82082e03aaa1a84bb2c4cac71e776b3b06be0d0920928b9c9ce070fdc978d742e4393dcb3e97da2ac383359
SSDEEP

196608:ylWW9DrFSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ylWO5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	450c975747b6b350f30ca080cc0516cac037eb4083dc6d784b3dda8baa1c2caf.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4820	450c975747b6b350f30ca080cc0516cac037eb4083dc6d784b3dda8baa1c2caf.exe

C:\Users\Admin\AppData\Local\Temp\450c975747b6b350f30ca080cc0516cac037eb4083dc6d784b3dda8baa1c2caf.exe
"C:\Users\Admin\AppData\Local\Temp\450c975747b6b350f30ca080cc0516cac037eb4083dc6d784b3dda8baa1c2caf.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
b956c23c6d2cd5637a9eaa184f2b8e52

SHA1
22362cb08ff1fd85ea79cfe3e212b89da4f09f80

SHA256
2dd923dbd467b9eeae6243bd2234d4636a38c17b7e138f8b42b36af10895cfe4

SHA512
3494e6225d2da90ab48b24d985dc6616210e5397ae21b6973b1ae2fde44a28e80364b952398a7d27eb5ee238f8a7aa1adafbb84daaa134712db0993d85257b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
622dab5b2c525da82a41225d409ed2e2

SHA1
355235c8a9e8e4d952a407128330ebde28fff047

SHA256
28d0d366ac928e9ae60e4afbf5c1465e231d1771829baa98da6aa6bcd6db6684

SHA512
2c10b8b1f0f5f54552ac02bdacbf6456dfda1fda775ebc72f35144c8836ea849170f500929e4baa4e5a0612d47cbb33619e81f2971b4cb6798489d0d07e4f60d

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
3c78cc277edf732127464edb5b4b5c7f

SHA1
fa1d4c574af4a1f285230864f23edf01991ffcd1

SHA256
de71c53159c64bf41d211cb731dae924c7105e1012935ed8ce95ca2e00459dd1

SHA512
bfa95c93a821f6b6dd86696cf6f3499045865169c4c4f2a5c42283cd8c84a478ef5ea47dce1303765e1613eab5227c1a8d8487a6d0aabb14349c0ed13ca12cbd

Download Submit