b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3.exe
Size

10.8MB
MD5

00876b5f87bc9bec9b8a51d3ad48f4d0
SHA1

012af6601acf4250bd5689e3c2a37684f1078ef2
SHA256

b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3
SHA512

5e6826c8058cd6d3ca54e0eb26e733550e5472d28ebfd9c6cc9b94aa6ab98f090c4c93c2004edbe83e0a7f2a24b6b2759d351a414f095067a52b497a03da1849
SSDEEP

196608:hHWWK8lSSJ7PbDdh0HtQba8z1sjzkAilU4I4:hHWXU5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4876	b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3.exe

C:\Users\Admin\AppData\Local\Temp\b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3.exe
"C:\Users\Admin\AppData\Local\Temp\b5632b40fa1bad855ed58fae5db8fce26cd2387d0e16a48cc22cffea55465dc3.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
a1f7022d66d916fbe734865c1f9f9660

SHA1
def49a717a893fb5229b682c8166b40c505812f1

SHA256
e9e41165d530cce62266be7aee54d6db1e97c7d97b19e547c46752fbd1783022

SHA512
8d4d397961ac6b0eec1f6343dca491c65fa82790077d1933a9c2454e74f768587b867d3db1668571ed85c679958d67ac49df011d36a7c1b33aef94b90fc8d04a

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
034dd005d3442875638f9baa7a080594

SHA1
7e5f89bdcec3dc790b8fddd0170721bd30f27233

SHA256
f991077a91c86e6f9b47ee9b4b5ab2c7212f34a41248750277688a6a33cbf4fd

SHA512
3834125ecbdbef2c8df983a67d22044ef4fe726ae4fc1c3631c92be91a1b3a677aebfc38f251aeb564472721d395f1b9a41cb27f631960f34e5c6fde08457e10

Download Submit