f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d

Analysis

max time kernel
117s
max time network
151s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d.exe
Size

10.4MB
MD5

89cbabc762a66a79dfc603019d038557
SHA1

eba086282d471980d704d150b20d07e8fb31db64
SHA256

f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d
SHA512

f3bbaa91cc9aa3454e0c732c696ea31b8ff42fd83e10eea5d2d47fee5ef3b9b9be1879e55d4b4d799af10abd9031372ad9af820a263115dc572ad211c1eef7db
SSDEEP

196608:KkKZgSSJ7PbDdh0HtQba8z1sjzkAilU4I4:KkKC5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2152	f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d.exe

C:\Users\Admin\AppData\Local\Temp\f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d.exe
"C:\Users\Admin\AppData\Local\Temp\f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
26963118da034a29730db08ae442fb8b

SHA1
e2f7198a5cf9b996987c903541ae541d2a6f55f9

SHA256
5ff9b929fe12921969d88d9583feb2edc2963095ef6d85040e70ed65ec6251ab

SHA512
e3dd78c106bb26aa16ca0198bf9fd7cfec1e9ad3ced7b4e94548bdec5e0394fdf4b0522a91b381ecbb38c9e395ee31b98aff2f5598fa0d9ba86bf330010286d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
3d8e27c9b060e28fe2305d40753591c5

SHA1
a1a772dbb6218829a263229fbf621067fc8cc7e9

SHA256
4313c50845eebd9cd53ea10797a0270ab559a03e9fcbaad850fcd8770c1ccebc

SHA512
bfea38c79a6b82e530e52becaa5411d85f7582878b52ebff5d3e9cc7899318a5d47ea87dc3ee92621d026aa85bc803d8c93c59c9c2b970e0979a629a5831ee41

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
d8f77c4e5c5bcc842b39786a97f9ae18

SHA1
ec229f1a359ed72ef5283089bf241b6b7d39ac6b

SHA256
42a20c89f6db2251a20274bf19947f8b71982905ed0f0891c98db65c965cacff

SHA512
df2c04ef054a75c6ec5699c68b7b4da343854849b8e72372eec6843f78419f712fd698ad0ee1b77ff99f7dca281767781d1dd15b078c6d0ebca7c81223771363

Download Submit