f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d.exe
Size

10.4MB
MD5

89cbabc762a66a79dfc603019d038557
SHA1

eba086282d471980d704d150b20d07e8fb31db64
SHA256

f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d
SHA512

f3bbaa91cc9aa3454e0c732c696ea31b8ff42fd83e10eea5d2d47fee5ef3b9b9be1879e55d4b4d799af10abd9031372ad9af820a263115dc572ad211c1eef7db
SSDEEP

196608:KkKZgSSJ7PbDdh0HtQba8z1sjzkAilU4I4:KkKC5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4568	f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d.exe

C:\Users\Admin\AppData\Local\Temp\f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d.exe
"C:\Users\Admin\AppData\Local\Temp\f464d40a891518eaeff9de765dd96994f366cc6292e99b3436bf5dce3772788d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
f9034a5c19008fdaf27ae52342a81219

SHA1
7cf7c513dfddf2c1e4993fc211e33a5683310e5e

SHA256
1ff61096ef9eb56d8add594c94dae65f49f1428f8747aeeefbbc96f7f2d726a8

SHA512
a22b087a0026e1ba8749600b653384cb773cbc1e84196fe4aac21c81bf82d6bb346b645b02f212d623897940fb7bd8fb7d983147b5488c8097bfba9f5c0cfe27

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
29a888b769fcfa78ed197e43d301de14

SHA1
2396e5c4b92785f2b8882efdf296c008e20883e0

SHA256
19ed02d18f52590762b5cbbba60355a188e5c167e360cbaa242815223ef00649

SHA512
82be389badd3d947aaf47527465ec8d745d570e87d6e19bc92c1c9482e28ab772bb2373dfa0b6807f584b41623696732bd6ae980bc9c9db8706791ab5df1e300

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
9e50d59185c5803ce0007ee9c2354a96

SHA1
f1f2108ffa40f86c87c8cf95d0aa061f91ae3fb0

SHA256
1c565d3d14b1d414c8e42626bd3f1835e834d869996691bcfef656a8dd2f8490

SHA512
2834bc0ea700ecc36b933447256a405c577141e3f79023054d50c3363bf41d93e662226459a255fc47537779abcb0f58b78bd718a0df5c4d14af8385fd3d5001

Download Submit