b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3

Analysis

max time kernel
122s
max time network
151s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3.exe
Size

10.8MB
MD5

00876b5f87bc9bec9b8a51d3ad48f4d0
SHA1

012af6601acf4250bd5689e3c2a37684f1078ef2
SHA256

b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3
SHA512

5e6826c8058cd6d3ca54e0eb26e733550e5472d28ebfd9c6cc9b94aa6ab98f090c4c93c2004edbe83e0a7f2a24b6b2759d351a414f095067a52b497a03da1849
SSDEEP

196608:hHWWK8lSSJ7PbDdh0HtQba8z1sjzkAilU4I4:hHWXU5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2604	b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3.exe

C:\Users\Admin\AppData\Local\Temp\b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3.exe
"C:\Users\Admin\AppData\Local\Temp\b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
3c6478986119ea19be5c303b826b2707

SHA1
79bc6e1c65b97f743ac1ea0e0141a09ced6cb375

SHA256
317945c202456c6d97c01dec630414e4f339d5bbf26bd71c829306c24cf56b0e

SHA512
9ebb8d19656a46961a349d0477c90f2f0aa0ca8ccc5b1ed8293806e04f57c90a4cb3828ad8d242f472a74a98a1310b454b63e0e30295222dc9299ee1c832044d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
2b561c61a2983276e34149d187bef552

SHA1
99a294b9f16bfd58cf951d391f57a5b2e1604f17

SHA256
29abda924307f8307deb9c549bdcb0b827e1ba377acf422da166eba16085d2bf

SHA512
c5aaf91ea02087d4a5b8d572f9188ab3430c0b26c942c7a3a89c1212f16f8707e19cf335b20c8be4161fce7839e03c73c5b04aacd332cfb30d5aa00b36614fc8

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
c4e2c9cd6089db40e2fe4f387a5a8335

SHA1
8a87b498221cac0ce9bd9547ada86c0621fa1c31

SHA256
d5ca1435c40834905a63c6f235d791af7fec32c4c011b3a1b3aa84dff3f4dbc1

SHA512
56b5d5344d29fb71989375483d0d204503145c5d6a5b4cb2bde5c2f5fbc9f29fb522dab01d854a6ee1c69e47f7425e689a40243298e6b19341d85a4ceed42575

Download Submit