f31fba61a4c20ccbfafb0aa7126086ef88ee9ad06323bb830ba20ba1cc72b338

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 16:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f31fba61a4c20ccbfafb0aa7126086ef88ee9ad06323bb830ba20ba1cc72b338.exe
Size

10.8MB
MD5

ef5d415d2a2d0f87321d03b646fec57f
SHA1

cbaddd73433b3e4b74f69146ffe13cbd884b0fad
SHA256

f31fba61a4c20ccbfafb0aa7126086ef88ee9ad06323bb830ba20ba1cc72b338
SHA512

4b74be1a24819b8ba76510f3298ce407786a84adb0bb4411f5b49e01f3b3c408f459e69906af063dcbc83f8d4c5734d1fc0cca91aa04cbca15e3c9fca4937057
SSDEEP

196608:hHWWK8lSSJ7PbDdh0HtQba8z1sjzkAilU4I4:hHWXU5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f31fba61a4c20ccbfafb0aa7126086ef88ee9ad06323bb830ba20ba1cc72b338.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3680	f31fba61a4c20ccbfafb0aa7126086ef88ee9ad06323bb830ba20ba1cc72b338.exe

C:\Users\Admin\AppData\Local\Temp\f31fba61a4c20ccbfafb0aa7126086ef88ee9ad06323bb830ba20ba1cc72b338.exe
"C:\Users\Admin\AppData\Local\Temp\f31fba61a4c20ccbfafb0aa7126086ef88ee9ad06323bb830ba20ba1cc72b338.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
9a531c3ac6a7d6d1095b482f7ed95add

SHA1
ca5b94cf75a22379a2a6e59b80e1be1bbc46188a

SHA256
9728580adcbc20f730ce76f0708fb76a48940b9ccb50ea24078159e8a35fe818

SHA512
c1259cca82492f80eede786cc8b83a3b8b3fbc29853cc06195ec5d5d48af517fc3cd40adf093d9e2de31845574fe7c22d36792c9d614f8ba23186b34a004e784

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
273c9096ebbf7e49fc832f073ac94e4e

SHA1
156cf9a403e8961b78880e5ecf6e12bc108b41d5

SHA256
b5a1baa448b5260dc2565d18d3ef7618f88716665e9b878a33fd30502699c375

SHA512
85c1be9bf57ef055b7fb110af03e61d71cad8b98c9492460eaf83a6fe66294e1fadd5f35ebea2884219c07a3561504f33f610b24f7e0e8daad686308cd559082

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
ab5028e787d59e008b040a6e2b57243d

SHA1
9cd16390f9e656fc7997667e94a5413e6df71ce0

SHA256
23eab989b62923aecf2bb4f2ec9cb642049ff74aa2804f3f8c711349aa3a1dea

SHA512
be9da0acf5935d293738b745b38476279ed61e1f27d6da6ab5cbc88cce03ac8b2392839246fdec9933c3335ea283cb141b52275987429b9cc935666f2e96b62a

Download Submit