9f7308ee9673b1035c2f3ff0cba3f7df6f8ce3bbf725c9f1b48dd4d300d7af4e

Analysis

max time kernel
97s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f7308ee9673b1035c2f3ff0cba3f7df6f8ce3bbf725c9f1b48dd4d300d7af4e.exe
Size

10.4MB
MD5

0d35854bdea32c12f35932624578f7be
SHA1

228a76061a13cdaa59dd45bf71f5ba24997773f5
SHA256

9f7308ee9673b1035c2f3ff0cba3f7df6f8ce3bbf725c9f1b48dd4d300d7af4e
SHA512

86cda333f79ed4cd3115ac6f4661c167660755cda30582afbbb5bdbedc746599ab4bad85b980344a7de980d6ed9fda6e158985389de86c2c06ea7b996ee78106
SSDEEP

196608:KkKZgSSJ7PbDdh0HtQba8z1sjzkAilU4I4:KkKC5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9f7308ee9673b1035c2f3ff0cba3f7df6f8ce3bbf725c9f1b48dd4d300d7af4e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4972	9f7308ee9673b1035c2f3ff0cba3f7df6f8ce3bbf725c9f1b48dd4d300d7af4e.exe

C:\Users\Admin\AppData\Local\Temp\9f7308ee9673b1035c2f3ff0cba3f7df6f8ce3bbf725c9f1b48dd4d300d7af4e.exe
"C:\Users\Admin\AppData\Local\Temp\9f7308ee9673b1035c2f3ff0cba3f7df6f8ce3bbf725c9f1b48dd4d300d7af4e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
f6cb3424f7708089c7d2bde6a9d96852

SHA1
da0196cdae7eee99182f2f50aa377c4e7c274b9e

SHA256
703a52191756581f85859c3c1f953ac243d8d0abc1d713c95f55004fd26a32bc

SHA512
d5b4fa6dc300c119baea96769bf85d5c9dea548d51ca2f8dc819078aeea34920ea13be2440e0f84172cb624ced625638814661bc2aad30a989167e008a7367f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
aabe58a6a2d29c77d9861540ba746611

SHA1
6a169c11601e2bb4aecb5f0559f58113330f8555

SHA256
34cde6967b482bcee299c0a2b0136ff030dbe3d2afb19aed4f9b821df1c4c669

SHA512
299e8e53a4c5ea37c215f39283cbcb49ec11a339dcf53b91b1354245693328f68334699aa5fc55149e5edb9b286a4fb1e7f7bd6af5e10cb20625c9b84eee9434

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
bebfc1337f1bb43d3cfbcc33ac9fa0b6

SHA1
7e6cf89e77d66f27dc62dcf1d018fd37fca8a9e0

SHA256
60e2f66c4b8f0c1ecd37cf45941fa101dadb50f2a9a60568a11d8374b15e83b4

SHA512
f33043ad242ca187fe757deb132d6da04a947a63a136c8b6e39f9e3bbdf22c9b2541de37fe39abd79a6953863a65ac735f062337bf41a3aebb2e7c7e787426db

Download Submit