70463347249b62ff1344b89e1a38c1321a1c7e2375ae4bb52051c27af11510b2

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70463347249b62ff1344b89e1a38c1321a1c7e2375ae4bb52051c27af11510b2.exe
Size

10.8MB
MD5

1ff8a6a4dcd583782ddaf762369459fc
SHA1

548535dff689052cfbec2149816c68f11bc7a404
SHA256

70463347249b62ff1344b89e1a38c1321a1c7e2375ae4bb52051c27af11510b2
SHA512

c8439cde76e5ad62ab7d9be33d251cef017e4a0309b3224632e10d042af9cb3c57175cd5ce4f6cd9e575f9199b9ed1e1aaca927aacb898b2e67cdbc360a98e54
SSDEEP

196608:ylWW9DrFSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ylWO5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	70463347249b62ff1344b89e1a38c1321a1c7e2375ae4bb52051c27af11510b2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3032	70463347249b62ff1344b89e1a38c1321a1c7e2375ae4bb52051c27af11510b2.exe

C:\Users\Admin\AppData\Local\Temp\70463347249b62ff1344b89e1a38c1321a1c7e2375ae4bb52051c27af11510b2.exe
"C:\Users\Admin\AppData\Local\Temp\70463347249b62ff1344b89e1a38c1321a1c7e2375ae4bb52051c27af11510b2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
20de1b64ff316fed912f8fcd4132d33b

SHA1
77a898f97994e7f92189760bf0837a6ef31baaa2

SHA256
13befa155d32c54ac672e65892e22af60f1eafaa1b14f588e89caf30f1b6234f

SHA512
f3bb51317a922e761931a3274d3268f5a38b99341d9b5071555784f4c3858572561fb2445673badec85a00a12a797a0eaabdc5ff5fff2b16d7755f097ef15ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
31a07fcd8e3505ed32f7a4f445d2c5a4

SHA1
efb5c8a99b2be3b713047cbf6bd3f8abe5383ade

SHA256
67af77f268cc8ae20ea33598a53c844992695373d286c279c89a5b81535de5b4

SHA512
72249a2d08261f87be645b65cbab80c340eeae0f31cb3b2fb0de55046f9c0c57351b204a45dc464ce697d16d1b6fe7cbdf1e3fd0f27a304ac7d5b9c31ef44753

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2ffb0754e2019c5328acc09386659714

SHA1
85faca23774dfa443ba3f987f5e6fc9590ae40a1

SHA256
0b1041cb8dd0ed3b5628389f81a3d2b99a4b2b32c9c58f84cc594a3976d8e047

SHA512
4d1d1fe93bf7fad3616fdf889461fac2f47e8b5b1ddf5df61d066d433afd6b7c06f0b94c1f21dd718b6bc1605b174bc79da1c0c35fc4fab4bcbbb6466b41d6df

Download Submit