7622a091d3d371390e6f19db8ebcb40fe29f40da230269154c7602b7ebe98c9c

Analysis

max time kernel
148s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7622a091d3d371390e6f19db8ebcb40fe29f40da230269154c7602b7ebe98c9c.exe
Size

10.8MB
MD5

0295e27d613a16a8e196a3121ff3ea40
SHA1

56c6c199a46f2eea96a1c2bba6aac61e05baf2bd
SHA256

7622a091d3d371390e6f19db8ebcb40fe29f40da230269154c7602b7ebe98c9c
SHA512

1f9f41421cba2cef724c9e1c4d6fac14881f4e56cc1b5453b0787e5cbdfd61de5d95a254e445a012932059838804501ca22d1856a67867da069e500bb0e8f4da
SSDEEP

196608:ylWW9DrFSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ylWO5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7622a091d3d371390e6f19db8ebcb40fe29f40da230269154c7602b7ebe98c9c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
804	7622a091d3d371390e6f19db8ebcb40fe29f40da230269154c7602b7ebe98c9c.exe

C:\Users\Admin\AppData\Local\Temp\7622a091d3d371390e6f19db8ebcb40fe29f40da230269154c7602b7ebe98c9c.exe
"C:\Users\Admin\AppData\Local\Temp\7622a091d3d371390e6f19db8ebcb40fe29f40da230269154c7602b7ebe98c9c.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
6fda87fbb6aefbfad4ef2912a4c380bd

SHA1
b3c9253d78864a8b581b843bfd1f0d49fbc19e62

SHA256
66ac7010af42ee9e752dc5dadecf87cabcf68ca0cce98000ddcc038b7a958e1c

SHA512
114f578eb1bbbf46e9d77713ee6a25712097e1e58d8abea42d56334acfab8af2faab9f31766ac5e31be1a2f05fa476b694b9fa1d47d0601a81cf570ca7bb06ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
b5566e101a03b681e735f6519c67c8c1

SHA1
30554474d436ea2632f224c36525c264b84438af

SHA256
f2b5d4d307f17966bdf47a9a5cdaaf7b41c22b85e678033c6d5dd4736f0297b6

SHA512
fc330d25be8b4be8df38dedf3368388e2cf2fe81aa4fbf0943b39b90e577fe1c435c5a48815376b7b722af65f95dd3ed4cda9e600a59ec9efdf06d34c25f350b

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
70197387ed83b0dd5796e31d2281fe14

SHA1
bc6e61b59fb6ea0284f2c49b339a5b09f3639731

SHA256
2eb726ae63ea9df4aae8225e9f50023ccd8b2e9d96f45e35208a4a83dd0a18f2

SHA512
d03baa259f11515bc6ac31cb9975bc8f9c1332b8e93a2035c04cb874577edfbbab0b62414913b9c6791424cda2bd2c0268d100fc490c906ee2bb9795d6fe6582

Download Submit