a8f21b50ae729d1b665fac04deead46ef5ac6b2f1a2f81a9f72ec0a97c0f3983

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8f21b50ae729d1b665fac04deead46ef5ac6b2f1a2f81a9f72ec0a97c0f3983.exe
Size

10.8MB
MD5

70874655f58898da584e393134c9d3f2
SHA1

e6e9dfbfdbe932d5e456e1bdc1dac72946066bc5
SHA256

a8f21b50ae729d1b665fac04deead46ef5ac6b2f1a2f81a9f72ec0a97c0f3983
SHA512

75d5043abf254d2832b15fa81437cc651dfe7fb31005b123a4964b3661183a441f2c5d96888c580d867300db0d2813d90b760daa256627f46c65fba767d6d66c
SSDEEP

196608:ylWW9DrFSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ylWO5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a8f21b50ae729d1b665fac04deead46ef5ac6b2f1a2f81a9f72ec0a97c0f3983.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4312	a8f21b50ae729d1b665fac04deead46ef5ac6b2f1a2f81a9f72ec0a97c0f3983.exe

C:\Users\Admin\AppData\Local\Temp\a8f21b50ae729d1b665fac04deead46ef5ac6b2f1a2f81a9f72ec0a97c0f3983.exe
"C:\Users\Admin\AppData\Local\Temp\a8f21b50ae729d1b665fac04deead46ef5ac6b2f1a2f81a9f72ec0a97c0f3983.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
e8c03f44b5deccc95eea90cfafdbe16d

SHA1
b983b2e93c7d8addd9549e830d989e3c4bb45bb5

SHA256
5d634391830e92e26183538e4ec80f53af402fc1227d7b3d7cb8edcaaa9faecf

SHA512
e462f1d5440bab3c6ce7cc38e3750f5b39321b0df93b3ab86af7080d223cf8e9b90d994e62a7515cd79c4a3458d40bc55345e5c3710bb096f13ce42d3daad8e1

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
61a19ea0df9b7e722bdd1959d20a2c2c

SHA1
a4750e61bbd349259152486f6e74bd6c02042057

SHA256
ca0ff79f89afd72063dd448a1b4545b66398548502779664d9726143eb53e6a9

SHA512
7768754f911266916daad1b061f446202bbd2b946b0b4aeaa76e0b1d19a561fcdd9be0380ac8a38a1e5302c9b279c6c23bc1830ea531ed6a152f0d29c0480aa4

Download Submit