85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc

Analysis

max time kernel
120s
max time network
152s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc.exe
Size

10.8MB
MD5

335a47711a890cb6abe1c6baa49a70bb
SHA1

23964c1585dd75758a4ad465f4282b6edd85e486
SHA256

85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc
SHA512

ffeb4ab3646a7f0bc900ef5586d38ac61faa318351a4d92233f684ae8f8ef3bbe1c76df63049c4dd97a6acdec5f1df92fd337f0bcdedf7d9217d62c92bdfe4cc
SSDEEP

196608:ylWW9DrFSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ylWO5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2192	85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc.exe

C:\Users\Admin\AppData\Local\Temp\85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc.exe
"C:\Users\Admin\AppData\Local\Temp\85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
48922eb73a39d5b38aef681eb953aa43

SHA1
b2c80bccc2b2d5af1b332b4dc3a8410cab1a2433

SHA256
b1fb4ae8cd05095fc92a159eb795835860da92798c1b3f1cbdf13a2c7959bf75

SHA512
99c046895c521157e967d92b90cb0026f1bf1523731fa7a2bbf28bc756b062dd5570c68c5d570d4a55ebd2addb7152a1a9a112eee676cdf971a58d18caa123f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
461B

MD5
cd5618f3cbff39c5d4a6d549ee233a98

SHA1
f1c5ce1b8dd4575ba517120213b47b30b4ef6e1e

SHA256
31ef06503aacbffde32e7c2cf58ba44a8e846eb4fe55ea1b71938aea177f253b

SHA512
4ce1f49791188a99e1c22f8be0eec4aac725e8e925650e2e58152c602682a77a5b62a5a39b5ded318f5bd122e57d2c5df25181c947509ce0db1070f9c5b8cba1

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
656e40a8bfc060a6b28c3b4d698ddbfa

SHA1
2ee70bb699fbb01b6727338bdb911caeedc3703b

SHA256
279932ac7296672cc4d59841547c39617d43f2e186c47ca877cf1db2f0602118

SHA512
a433843d8a99c773b69f1854d6cb6e0f841c43310bef4e73586bae973d48c48aa6a0846ab94a075fd9ee6a95fdf09bad7db0e8421ba827d07071cb57693e4d94

Download Submit