5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe
Size

9.8MB
MD5

8a6886cf407199f93288d09502721fbb
SHA1

ddfafe8db25527701b27960ab4dd311f70004cc8
SHA256

5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3
SHA512

9929fb89382cee20ec561e49193fd7c985c06c96e2530b5524272f130a9801d2d09c4a27fbb2d4917cf093a43b9f24560723930641cf1347782e5ea60449d1f8
SSDEEP

98304:OLl/9COfOI3ynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vVGyWWyfJprG:OxSSJ7PbDdh0HtQba8z1sjzkAilU4I4

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4624	5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe

C:\Users\Admin\AppData\Local\Temp\5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe
"C:\Users\Admin\AppData\Local\Temp\5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
485ff9d8fa2aeef3bb6abb0ed833ce6b

SHA1
33f12e7a052c21c9b73cca82ce3493d783cb6923

SHA256
88fe2f09dc6f8a3945bc79298e971905012040d0d86c776a71f9edce7d8f5368

SHA512
807284aff187d9fbed569754c6cd0d8266217f4c932d392be7eb4963710b3f7dfd5eb772337e2744e24db81e90fb8f9d9136caac8e577782f03e6810e65aff61

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
fe077428b0df24a0e5d98090f52e15cb

SHA1
7fcf867478b80711312fff33fa0142a6f2dc629c

SHA256
1ea9e00d3589bb9300085eaa805e124b3af599fb6d045211c51672ad11628476

SHA512
1a24a8e757abd79c4b79cc7db113d4813d98e2352829f64d974f2f48a2ae0b970caa74e4755578171907847f780cdd7bef5ff4fb25eeb311c138786160a8dcc5

Download Submit