18305ed84da46ad2b891aaff3040a68a0937aec55f42dcc91f7634eb536d2e42

Analysis

max time kernel
96s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 19:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

18305ed84da46ad2b891aaff3040a68a0937aec55f42dcc91f7634eb536d2e42.exe
Size

10.9MB
MD5

c36e035709f9454ec65b2476af78408d
SHA1

7a88a7280592b84ee69ccab975534fb01fe50138
SHA256

18305ed84da46ad2b891aaff3040a68a0937aec55f42dcc91f7634eb536d2e42
SHA512

da3ec6e0061351b99afcfc2bf2feab0a5706346c99b24477c8c42a7c31e948f28c50db6f00c41387d6b12470c2a45f65dcf35a21698ab19773e88d651eba54f2
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	18305ed84da46ad2b891aaff3040a68a0937aec55f42dcc91f7634eb536d2e42.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4172	18305ed84da46ad2b891aaff3040a68a0937aec55f42dcc91f7634eb536d2e42.exe

C:\Users\Admin\AppData\Local\Temp\18305ed84da46ad2b891aaff3040a68a0937aec55f42dcc91f7634eb536d2e42.exe
"C:\Users\Admin\AppData\Local\Temp\18305ed84da46ad2b891aaff3040a68a0937aec55f42dcc91f7634eb536d2e42.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
fe494bfbc885545b5eaa1fa55d9e4c0e

SHA1
bf6e03940c05bc0de96af24bedfde06909816825

SHA256
8074e37d4c3d0e5fed899cd66a93336773c776e569688de282589e1d24c497f2

SHA512
e4213fa5628e046d6ff5dfd34aa1b7e9edb83302eb06a7fef0ebffa6a993ba96caefca70714d348de80d01e0aeada8b918ffadb8db49a786d08d5e32344e9807

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
165eed6a54fd082f69ce7edee55fdb1a

SHA1
d59a3f06a42b1e7dfc7cee9b3caf7071619244ae

SHA256
55ecfdc9ac6e255477c4ad66864ce9265f3ccf0cba39128f148ddd5a8a31a053

SHA512
a17f7ba9bce172d7671e4bd228ca9c800e00bae33f77dfe8e9138bb037cda5a0db7935c98008e37490482a29db3b4f0c235a0bf1d22027fdb5807ee8f5947032

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
7b15680e8fa78b379dfac64e6b16ecbb

SHA1
b7db248aba18e2ac0b67f61e0837e1a41d0144a1

SHA256
caf122633ca4da04689eccf2413a473e89730884239e3736bf03da5b9d16d0d6

SHA512
aa5d15c9309517601249781ae8d8042c9879970062c9f3e02d153923d2f2390e3fa8ba2de0ed6a2e563edac3e69a17c7df63293a3fc5a856bfe4daf5155d7b94

Download Submit