aaf06eabb3d2b6f7cd22f4b3d019626f5e4f9245f9cc863d26f4d78020cbf23f

Analysis

max time kernel
137s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-08-2024 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aaf06eabb3d2b6f7cd22f4b3d019626f5e4f9245f9cc863d26f4d78020cbf23f.exe
Size

10.8MB
MD5

276c4b740bcc89f4d7344bc25d33d525
SHA1

a16501c848f94796aba3677a862fbb90a138e2a0
SHA256

aaf06eabb3d2b6f7cd22f4b3d019626f5e4f9245f9cc863d26f4d78020cbf23f
SHA512

afb499e47dfbb98f5ff4888b8c3766b0404b6336028f042ad883ab2ba842ffc20245f13dfb4b9f6f7db015515396a4988e2fdc896323d02f568f94ca9dedd8ad
SSDEEP

196608:hHWWK8lSSJ7PbDdh0HtQba8z1sjzkAilU4I4:hHWXU5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aaf06eabb3d2b6f7cd22f4b3d019626f5e4f9245f9cc863d26f4d78020cbf23f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5076	aaf06eabb3d2b6f7cd22f4b3d019626f5e4f9245f9cc863d26f4d78020cbf23f.exe

C:\Users\Admin\AppData\Local\Temp\aaf06eabb3d2b6f7cd22f4b3d019626f5e4f9245f9cc863d26f4d78020cbf23f.exe
"C:\Users\Admin\AppData\Local\Temp\aaf06eabb3d2b6f7cd22f4b3d019626f5e4f9245f9cc863d26f4d78020cbf23f.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
c52efe4b89d09ebd3771f68c53b198f0

SHA1
4ac0ce3d02b53e6d767c097a22abae8c72341556

SHA256
368ab89c75b865bb96bbf810fc0adcd2033413aa2175635aa71278a833fb55dc

SHA512
e5678a3d666d4f973b3470f0e8b7f4ab7cbc06d99cf519a78b61a644a3461a8926af6f63fe6e5f1c701430f48869dba65d125b6d864f03cd43927e15e5cc8254

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
a69736f681938b1af39add451decccf1

SHA1
3fdb8b750127df8f86723b5a0f8e9e86d1f6cece

SHA256
eed83c61b86a3afcc3039be76e5f2c39beae8290b03d66ebd8af42715c5d0789

SHA512
51189137ee9602e3151c041e1481a7e7a3d5a1425a3b818239df5e116b12fbadefa6d21020f327971dd022f8cc184d2d0b3cc3a7fbec708dfa268445a2b29033

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
a4067961945dfffecae7987e9aa3ab22

SHA1
4a80a591f5cdbdce27d621c57fabd58a3e26c76a

SHA256
197ecb7b1289d24b98ea672e0c32f8c12bfd5f86234eb2f1c96f3bd625f035d5

SHA512
453f66b09032e7e741eb7ee5b3f605cfcbf6f08888c2faa5272746204d74db8d1dc00195d1fd5c1bbc7702c5b380ca17101701bf2d0abb88e1b48edea25a2ad1

Download Submit