67dec3928817363cf747035c722cd3be08b65a61b75b8ea691e44af31a826286

Analysis

max time kernel
96s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 17:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

67dec3928817363cf747035c722cd3be08b65a61b75b8ea691e44af31a826286.exe
Size

10.8MB
MD5

f48a25a01d0695b6a8935b32a9dd0791
SHA1

87ef56f1c2a5c1a9bbde9edc5edea34ab91d8862
SHA256

67dec3928817363cf747035c722cd3be08b65a61b75b8ea691e44af31a826286
SHA512

8e3fa121fb374901acbd408224e8b3509c74509b79e2ba25c715820e6dc9ff85b037e3d3cbd45a22d671471a1fe3f72f73a7c1df5bf54771094cdea66e1c203b
SSDEEP

196608:hHWWK8lSSJ7PbDdh0HtQba8z1sjzkAilU4I4:hHWXU5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67dec3928817363cf747035c722cd3be08b65a61b75b8ea691e44af31a826286.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2492	67dec3928817363cf747035c722cd3be08b65a61b75b8ea691e44af31a826286.exe

C:\Users\Admin\AppData\Local\Temp\67dec3928817363cf747035c722cd3be08b65a61b75b8ea691e44af31a826286.exe
"C:\Users\Admin\AppData\Local\Temp\67dec3928817363cf747035c722cd3be08b65a61b75b8ea691e44af31a826286.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
6cc8345e4f9ae0ea595c9dcf84211c30

SHA1
cca296c50f798de700d33fc07e589550de1dd924

SHA256
d99df07e54f117a6ef9f10029fcb2f04e36a76d750b4e5809ac262ff97c43297

SHA512
1d2d476b5d15a859a2f74121b608530aa57d337740b8017102f0d2f70e049530ccd30764e9e85768e8505845020ba542295920886c306d2011491ba03b086c96

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
9b55cecfa122718b61bbad0a75cd5063

SHA1
3553efd15d71b81dc5a204928209d48e6c90a4b6

SHA256
f0656a29ef492b472c8fece2fb8e225aa6554f717ab6eb76a21f97daa854af36

SHA512
96c957c46b930ba3cad693899f699a9f3d3384668281e4269bcded749883674c9018388c66e77a5febb2439ef5c902759942e0ff30bdb81ae24b134e3e2f2203

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
99298a3b12a09dba97edbeffe98e69fd

SHA1
a55847c7ac4de8137fad86b04e506eeff3bd3c60

SHA256
bd6e297b6499a3119c817e50fcecf7c85ff85664eab01298ea58e1192a0ea2c1

SHA512
b76c10bfb13151974d4fe4721602593e7ec581c1d37df19b4359179433c5295aec900b0b687577d22d83ab96a9ff09310f7513e10f111a0e4d3b4de80ab62d70

Download Submit