f6fde72466889f91813ccc628d62875075fb901a0937acdd2885fc4c9a5a5d40

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 21:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f6fde72466889f91813ccc628d62875075fb901a0937acdd2885fc4c9a5a5d40.exe
Size

9.8MB
MD5

71be453f76b2fe8a87fc078605aeb30b
SHA1

66042979384eb5a80b92951bf0950faefb65b539
SHA256

f6fde72466889f91813ccc628d62875075fb901a0937acdd2885fc4c9a5a5d40
SHA512

537e642337cb18062f0ab27563fd60ec45a89549a4aa9b574a752089cf0cb77fe8af2aaeae5532418dc8a1ae0b446975517f70c9b22f31408fc6486e06406a4b
SSDEEP

196608:1quSSJ7PbDdh0HtQba8z1sjzkAilU4I41:Uu5J7PbDjOQba8psjzyz1

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f6fde72466889f91813ccc628d62875075fb901a0937acdd2885fc4c9a5a5d40.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2148	f6fde72466889f91813ccc628d62875075fb901a0937acdd2885fc4c9a5a5d40.exe

C:\Users\Admin\AppData\Local\Temp\f6fde72466889f91813ccc628d62875075fb901a0937acdd2885fc4c9a5a5d40.exe
"C:\Users\Admin\AppData\Local\Temp\f6fde72466889f91813ccc628d62875075fb901a0937acdd2885fc4c9a5a5d40.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
009e5acb911c6f41aec96a20b996ea95

SHA1
4e6021fe1c1810fd655652b8349f447153735330

SHA256
813474cb56d1a6dc25e94e6a50076fa5f6f6cc664491e0b5fd63805ca7ee29ca

SHA512
dbffd29f1a8cc481129acfc9487de00021c5228114ba8df6fed6a90dc61e5c988b16fe3cef5936311f9e9990a7da2760f4a48099c9373287bedefa0b530c50ed

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
51e736289465050bd6772a07df07f715

SHA1
b9eeaa28216e8971e0583eea3296036463dbd4e0

SHA256
71f901115b3be194ae58dc3058b3b3eabc5a3d42cf46a753f7a332ceab4dee42

SHA512
cf41ba4c96237c4c34636929270cfa87ea2000ff5b11aa184a7c02aa7555554e1b9e9536ec1610e787098cb035303e42f2909ef170d8e51fc7134f71a7850561

Download Submit