c0f2644efb35157b51a73100d8a2439f3ac4df5f9fd47ed9e205ff81550afed4

Analysis

max time kernel
133s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0f2644efb35157b51a73100d8a2439f3ac4df5f9fd47ed9e205ff81550afed4.exe
Size

9.8MB
MD5

57cb7e699bd0d391e6bb0d2a4ebadff9
SHA1

03684873811d3696766fd587e8755b459df2d044
SHA256

c0f2644efb35157b51a73100d8a2439f3ac4df5f9fd47ed9e205ff81550afed4
SHA512

fbd3503b195642259aef37ed50357a26174725b6cb1b1ea40e798fa9739b25586523237db408fc0954e3ba3b913aed1ab04c347f099ee4762fcabeb9f9607027
SSDEEP

196608:ebuSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ebu5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c0f2644efb35157b51a73100d8a2439f3ac4df5f9fd47ed9e205ff81550afed4.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3764	c0f2644efb35157b51a73100d8a2439f3ac4df5f9fd47ed9e205ff81550afed4.exe

C:\Users\Admin\AppData\Local\Temp\c0f2644efb35157b51a73100d8a2439f3ac4df5f9fd47ed9e205ff81550afed4.exe
"C:\Users\Admin\AppData\Local\Temp\c0f2644efb35157b51a73100d8a2439f3ac4df5f9fd47ed9e205ff81550afed4.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
16a0c7643bec4ce4da8d3c83527d7b99

SHA1
1da02fd8bfcd98b7836c186ebbd9f3f0f537c199

SHA256
adbcfd55bdb4d45c5ffd955c09727ee10baa532bd46f83a69fe7c1a900c914a0

SHA512
7f439eda5f01b57a7641cb16c99ac306907253575629567b7ea00e46e85be2d7d8e915c5858940cba3708c01521839612ab0d043185b25b510d0c226bcedf791

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
d1d556ed3c993d66b49bd193f44a3d16

SHA1
c63020944ca79c676d70d45a80523ee5ba7556a4

SHA256
85f6837c704a839b8009679603a66e1cf591f1125d48afbb5ba0d83a9790128f

SHA512
94edb93af4059d0f94b6941661b0526d1c3d754645ee76071c278e58be206538bb3f2bd58690f25a762e20eb8dbfa9c7620c714125c3505ca1c1b921741bd002

Download Submit