86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe
Size

9.8MB
MD5

13dbbdb9013735588421301de0a791f7
SHA1

10acb6ac4231ad909b45971234b0542653d08dc5
SHA256

86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a
SHA512

762aee11c1bd58cae3c70674373d0910b603711e6c754b6588168672b9f78f809e03b09b98dbe0916d454ef775b4063ab2b0fafec271346ec2c45dc44cc6000c
SSDEEP

98304:Abl/9COfOIIynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vVGyWWyfJprG:AKSSJ7PbDdh0HtQba8z1sjzkAilU4I4

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3216	86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe

C:\Users\Admin\AppData\Local\Temp\86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe
"C:\Users\Admin\AppData\Local\Temp\86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
c954cb1eb69067c4694fcd3695c58864

SHA1
dd060fa46936370cb654dcfbb8438e1adf518f00

SHA256
251009de6bdb154a680de335112c571f2362e3f7e389b2701d3d059fd99413c5

SHA512
e4d59eb93b046fb7f175aea02181a2025e6458cc854eb26dc27116795d36e402ee1f35b3e66726baaec864f862a705ac54e419c6917a57710142ac2b709344fc

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
140e8c97dd00168d110aafc1cb04549b

SHA1
a4a5c508448d34a58b3a5a7554da318bfde39f8b

SHA256
d03586301285b12a302b24877ab4d139d5d43bb653a2575009d4585749942a30

SHA512
39440e92ee209e637e5f0e6376f5b5d44e1b32b78e605851b266a7a9f781330bfde21ac482a053a58a664d8acbf38b92b6aaaf2b99c01db3a5793580d0eae0d2

Download Submit