c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c

Analysis

max time kernel
142s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe
Size

10.8MB
MD5

cc41e8a2660f04f4867ffb0eeaa3283b
SHA1

71dfb072d6a88f2b4032517ada9811da8b231f76
SHA256

c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c
SHA512

6240a77960fc8655cad3286202d801b5f905beed311e8107327296276e9a8ed7a91f45e3aa49d30cb6c5b5824ad64026c39dea04709e7dda506a49130a178231
SSDEEP

196608:CSWyusZSYASSJ7PbDdh0HtQba8z1sjzkAilU4I4:CSWyusg55J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3396	c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe

C:\Users\Admin\AppData\Local\Temp\c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe
"C:\Users\Admin\AppData\Local\Temp\c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
f2b75002914204cc66784265ece6d1cd

SHA1
c30342669b197a631f61e62dc893b5e9e67dd16c

SHA256
038b25c16e0bf882264deee8020c93f6d431b42f89381827e73fde3bac476bc4

SHA512
5fa0e71cb90482a2c506d8b4d4d776d633090c44e5fcb61aae5bdeade1fabb12c1f68098087f008b4e23ee9ff875f6ebadd740eaef504361e2044d257eb24bb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
912d175fe7c4820fad44ec3b6d5422d4

SHA1
2736f761a1ae49b625bebb64ff1271d77c667a41

SHA256
8268d1d65840ccffe8faafd069f724c8a82e5a6e94fed33cd9cca95936c3d8d8

SHA512
71928abbf7634c407361804f6e2fcd2b71c3dfce045380c16e56c3b02551d9110d51ef5b241bcd8e92272eb7717950955ebcad853609cc8d44b2f28e7ee2f041

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
29b88058c8ff4dbec4adb9948e621a7f

SHA1
272db2a7d2a24657e6e109ce42960399669bb088

SHA256
df51c599d975570a879d1fd29484b07d9e99d4be5740a504f79d91e16e75582e

SHA512
2091c06792e7fd053d55b24f82d2d88bb18a6db9735dadb99727e6d6db279793642494ec27ab6df43993af30b4602813b0f63923abc736a8ff8dfb823417efb4

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
8f95f165c73a5503ca37b755b3fe4e7d

SHA1
8618ff9bf1e663f0adf76c22946561d91773066b

SHA256
4a7c1e5a8ff31233e3296bab84e8e06ad157730a109a558915ba3f3e954c9c3e

SHA512
59737a389a21d8a047613b30da943e409e4be8e54ad8ed6683da3fcef6c23621de9f2da5a21062080b1f058e5cd96dfd9b179869713b9578c76dbbec204f3fa8

Download Submit