9fecad97b0d176ec490f5246430fe4978f065a28a35f9e6ba247f3dd544f6f7a

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fecad97b0d176ec490f5246430fe4978f065a28a35f9e6ba247f3dd544f6f7a.exe
Size

10.4MB
MD5

9936e0a9591fdae3bad8509e269b5ac5
SHA1

77c6c241a1c572e92f31dceac47deac4bc398078
SHA256

9fecad97b0d176ec490f5246430fe4978f065a28a35f9e6ba247f3dd544f6f7a
SHA512

c09a44323f35ecf44a3e02c9fb77678d6dff91a09743bc3ef373e255a293bbaf4859409e6459c9ad3b8735ae50ff0fe906ba9ce1e7e46ce59b805576018f042b
SSDEEP

196608:BKSSSJ7PbDdh0HtQba8z1sjzkAilU4I4:J5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9fecad97b0d176ec490f5246430fe4978f065a28a35f9e6ba247f3dd544f6f7a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3600	9fecad97b0d176ec490f5246430fe4978f065a28a35f9e6ba247f3dd544f6f7a.exe

C:\Users\Admin\AppData\Local\Temp\9fecad97b0d176ec490f5246430fe4978f065a28a35f9e6ba247f3dd544f6f7a.exe
"C:\Users\Admin\AppData\Local\Temp\9fecad97b0d176ec490f5246430fe4978f065a28a35f9e6ba247f3dd544f6f7a.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
36b2ac37828f4fa1d9f39085b2585e98

SHA1
dcd6a8c587d0073f5ff34e382d6b5c200da2fb32

SHA256
0ec2881dd206a5cc56ce54863c0a364619e06f6db4dd59a1df834c8b9a596959

SHA512
a62cc02fe196b01d923ece41d77c1ce54886f91f8c1b806ae081f286b57bdccb5821c630f707b35e0a3ac6bfa67bb1447fa34c879f7f42dd2f7a3c532a0fd3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
b37abd6e1a9cf81d64ceb66b7d8e5e5e

SHA1
30324341fef1d079abfb7de38278907467275c90

SHA256
c048168d3fd343287207d5ce37e562fc674fef483ddd062d04a2280ecd30b602

SHA512
d15da1d1d094efc0fd262b28520e0afc3f60c6560bb03ea8f1f7f147299bc233d1976b4833a58ef6dbd731d1c25a04b482442798e2984b55a4bfffe885261bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
d0df62ede1bd46c47935a2642d4737ee

SHA1
08aae6f81c4010007eb2dfbcad2e726cc426ca40

SHA256
66c03f0030de3937680fe144422e6d7b420e9667dc37ea68e2cbc8d869c546cf

SHA512
87c58059e5c8bbf5c4b070b89eca17fef29d6d8642d5d23fc9aff9265cad87bc84bd46d643963c44357aa1914be87306852df705259bf7c4d9a91989a07acd01

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
76634fafbd05b3115c49846aae3b805e

SHA1
4a39ccf4e51567fbe1e2ec349d9229ffbe70e2b1

SHA256
af38fbea03df00b4f2dd356a82b6a8d42ee8851874de07bcd73fe17a7a13cdf9

SHA512
83c6ef1d3a31ef558f8df53642d786100770bca7ad43df7a3d2eb61bda9619989241de28b99d6e6fd002d3572323186ae70456256f80948ee5957e145bad03bd

Download Submit