da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 08:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe
Size

9.9MB
MD5

766202ae1f3698b4a592f0a28fd77f70
SHA1

5932880fdbe08368cc07757e52f035783f5d553c
SHA256

da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34
SHA512

920150fc5631956a6e4c155c615c6f457008d079f163dec8d6bafd6163577a1a4d04e4e1d6ac67772a19656fb772a951a796ff7fca9f4e43aaf1e354c0524a23
SSDEEP

98304:IzbdCx4iuyQynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vVGyWWyfJprR:IjSSJ7PbDdh0HtQba8z1sjzkAilU4I4

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
768	da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe

C:\Users\Admin\AppData\Local\Temp\da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe
"C:\Users\Admin\AppData\Local\Temp\da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
7e9e170a77c7eef45f9c512d1b17df65

SHA1
4dcd9948e970941239302b9825e7d38ccc2294a1

SHA256
77d3f6982023090c28b997b4dc5ec80a61027aee732a4c5d242773d5c5fbfbb2

SHA512
e299db9526c1352a6a9b428fe80dcd70344413b8c3ec000e20cb4f60ec54222bf8096b915aed50a7f086b4f4890526624083bf9e9f8a0a10222b7d4ab31ae54c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
2caa58dee5de5c4ae6ffc079f16951cc

SHA1
6f7602581560bf9963c4436cdedbd437cb0aa025

SHA256
b857b820e9ef76c7d2ac255320ee0ba0bfc389841277f5047674c29baefac8e7

SHA512
288c312ca6f75f6f360e228d8e08f2a1a5f14424dedb83fb1917e386476cb38d377fe23bd8f82ad272b829f64ae5174df5f4441aa27d2576a22440d8d7aedf12

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
81246cf9af1707b4c9029fc30f3c4a58

SHA1
853f551f727c29f09aaadd39ebd1eb3bda0acdd6

SHA256
d45628ed8f6242ef133884669e8ed97f35495830d7fef7085b7547db5363a422

SHA512
1cbc8e148c2f0bf798f1b72a77850e4278fdf65d82f2b5d2a84834f6bded6e8ebf14d92a9e4e192277694d7417695d3848666baf1059256aa2cfc7a84391d34b

Download Submit