5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5

Analysis

max time kernel
136s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe
Size

10.8MB
MD5

074d93cd2a00a9c81dcb2301098105c0
SHA1

243e2fba36ec7e796af7a17ceaca7210a8aeedb1
SHA256

5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5
SHA512

a85ebbbaa5fd9760094ccf82f0880b0db173898c52a5c5cb224133ffe1c0b7098c3e64bd049ba642bbd6a9eef0fefbd3114361e5dc1dacd6b0b356077b816fd8
SSDEEP

196608:hHWWK8lSSJ7PbDdh0HtQba8z1sjzkAilU4I4:hHWXU5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4536	5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe

C:\Users\Admin\AppData\Local\Temp\5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe
"C:\Users\Admin\AppData\Local\Temp\5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
7ea2e570314f8ccb09ec5c91c97488c6

SHA1
4e515df3c21abe93ae1bf6e026257e933a4fc080

SHA256
87b77734503aaeff7d96d655a7977cb8a638d8ee9e1da9918271edc6f81660c7

SHA512
5d2898f80d4569cda0cd16a860a53455867fef96d9f33b9c41b80acf6a7c5d2cf33ff9069365666834214eea4ef845c3fae713d03fd67bd28507609a1a440a18

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
cd05077348a3b9a0ed0a06b9a7cf6a98

SHA1
0a44dffc3c2a67b1ddf24dbc46b6a783feb2bf15

SHA256
85185069df154e33c08f096bc3c9dd7086d65da5b2d02d5df37e04e2c7d1ecf8

SHA512
f1988a3fb41bc4fdf8f33a597aebdcc6d1d70902ea47c679e81c5dcb6fcc6be8086c5118d506966687d15cf43992e78c0780a9ec70bea05927264ea212ea9783

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
a9e727947e39c457464eed751d4c2119

SHA1
3bcdf50a1beece34d14ff190f80b4de4b2e92690

SHA256
1d1e469814558e85ceb9f0fad717102528a8027a057e8d131f419c1a53e47405

SHA512
3918b5620bfd51c58e067b70c57a302904d168ac330fd4fbfab897dbd535abd7ec3d6bb1b1c116585c02d39a83ddbda52b6f9f1b059d4e3c6a38b06215ee7b5b

Download Submit