85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc

Analysis

max time kernel
113s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc.exe
Size

10.8MB
MD5

335a47711a890cb6abe1c6baa49a70bb
SHA1

23964c1585dd75758a4ad465f4282b6edd85e486
SHA256

85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc
SHA512

ffeb4ab3646a7f0bc900ef5586d38ac61faa318351a4d92233f684ae8f8ef3bbe1c76df63049c4dd97a6acdec5f1df92fd337f0bcdedf7d9217d62c92bdfe4cc
SSDEEP

196608:ylWW9DrFSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ylWO5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2208	85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc.exe

C:\Users\Admin\AppData\Local\Temp\85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc.exe
"C:\Users\Admin\AppData\Local\Temp\85b25eb5e02c3f809ebff1b308027d01a563c3d25a753116537f740b2d772ccc.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
90e74bbb28fd677fb4a06528f322501e

SHA1
baca87e25fc38e40dd5c8b94d97f52dbe253d110

SHA256
b52aab75817032e4399becd72917711be1c0ab30d97f5976bec922fa483403a1

SHA512
32bdb409cd0f800e52c9cb697eea0938c94553a8f31b6a6a3571c425c0b83caff8d0d9de02f4e0ddb62869da174570bfe721cb1e2337f99f8664124920b398fb

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
21e79ce02daf2137a6592a020f9b2062

SHA1
0d42f5511771fe0b6076767ee5f783ff49d269d7

SHA256
bc5e1c6b62877f2f6f210e1fb6b84783717d76fa406502a0017dabccb249baed

SHA512
738c2c8452382bf7acdd9370ae3fff8b51211f50eb6765bed9f4d6cb74291aa41b912593498f72c934e8b7a03157d99d3881b40e9f924e4eaa8548328de27799

Download Submit