ac6448be0678bac2b0f0507986201460a008904cccb3875f778bcaf20a334e53

Analysis

max time kernel
135s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 20:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ac6448be0678bac2b0f0507986201460a008904cccb3875f778bcaf20a334e53.exe
Size

10.8MB
MD5

ce394127b591ce2ef10fdfe6d3d1c78c
SHA1

c4ecbb5a49d2738afb910274785d383f4b4fb57f
SHA256

ac6448be0678bac2b0f0507986201460a008904cccb3875f778bcaf20a334e53
SHA512

cafc1184275697a04da2377af2034e313285fc585079a0893a6f94b69c5997a773ddf416c25a2476ff61f9b9ab13d944a60cf448125218d0eaddbe9195f49a28
SSDEEP

196608:hHWWK8lSSJ7PbDdh0HtQba8z1sjzkAilU4I4:hHWXU5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ac6448be0678bac2b0f0507986201460a008904cccb3875f778bcaf20a334e53.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2148	ac6448be0678bac2b0f0507986201460a008904cccb3875f778bcaf20a334e53.exe

C:\Users\Admin\AppData\Local\Temp\ac6448be0678bac2b0f0507986201460a008904cccb3875f778bcaf20a334e53.exe
"C:\Users\Admin\AppData\Local\Temp\ac6448be0678bac2b0f0507986201460a008904cccb3875f778bcaf20a334e53.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
31189c1e13a1ee9846b5607aa0d1a7d6

SHA1
d9f71e9a75e174419a6b3e74fbcc8e28d88f4873

SHA256
80e8befdd5dafb3d34320c2596ac0d100d6579126b35c185aa243ccbff76d60e

SHA512
c556c76bfdcb459cdee5a2417b739a24c933ca7d852018ea38efc289a85aca8f021571ba10bb9bbd4b1bf212e2a9c26ee83263666ac8f83d3787d367c7112d91

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
25dd4e805eee672633ca6f72cb03bc11

SHA1
07efd558d850dd1c5b0644a43d901ef079df7266

SHA256
1da96ef16be017d86c8afbaa0d1f6c07261c3f480bb4c0b1bd70c9a765f0bde1

SHA512
0c4843a449c6e2758e9f4015c1c899848a0f8fb95d55acd58ec6c435b62d7a498184f25496210ed98c441e78f06d96cd5ea5723d8ce6179e8e643fa236dc9879

Download Submit