9b947fff693de5244351cc56d40582c60a502aba674e7e5aa14023b7a9cc99ed

Analysis

max time kernel
136s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b947fff693de5244351cc56d40582c60a502aba674e7e5aa14023b7a9cc99ed.exe
Size

10.8MB
MD5

28e2f9388087d25ab73c757995eeb210
SHA1

4580981f2f3e83bf1461b66e59e9709637425894
SHA256

9b947fff693de5244351cc56d40582c60a502aba674e7e5aa14023b7a9cc99ed
SHA512

1665c3a19ba1527732860e1c1bae1d158aed035c75ae7638bad6369cb8d92c2595620b4b087dd3ba62cc7f0b53ef25b3b37ae4f4c5f830807d71efb4577d691d
SSDEEP

196608:ylWW9DrFSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ylWO5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9b947fff693de5244351cc56d40582c60a502aba674e7e5aa14023b7a9cc99ed.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
400	9b947fff693de5244351cc56d40582c60a502aba674e7e5aa14023b7a9cc99ed.exe

C:\Users\Admin\AppData\Local\Temp\9b947fff693de5244351cc56d40582c60a502aba674e7e5aa14023b7a9cc99ed.exe
"C:\Users\Admin\AppData\Local\Temp\9b947fff693de5244351cc56d40582c60a502aba674e7e5aa14023b7a9cc99ed.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
80623e2681485bf2db58f8def373288c

SHA1
cd02b52309f63a6b31a675056a73a9129c7c9e95

SHA256
846febb3053ce4e5210976dab567210fd5883c0b8eb38d7926a0feef76a470e8

SHA512
8fc2ff8006db2ae92d4e4bf01b5bf3fb2404b74049a7047979e1e793de32a94740fa481e864ab5fda972cc8a83ecdd8b52277a4072c86c21f1f7fc6c90d4c732

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
c76a13163179f079e90a8b9f472b9512

SHA1
842cdbddb530746af1338eb8a2856859753a4734

SHA256
0f9853d808d651e445ac156b9a96e7172b93842b6da752e03f75e69b7f774cb9

SHA512
8e6b6b6c9d539c4d0af04e66f745545ec2000c00755621da1a7e7d25914e95527ca55ddd981ab934369f049f6287d13354486ed101fd1789d5f629b5a9717f78

Download Submit