14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150

Analysis

max time kernel
134s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe
Size

10.5MB
MD5

e45ef6f5b547a11ca992adaf424ef20d
SHA1

5f47552e6ba1c678affa51c2ae79736bd3f6a66d
SHA256

14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150
SHA512

690ca5b5f9787cbdb26d4c62b957a71cde000cbd46f876c724c854563c4c8b7285fb6adf90e6a0bae28bccf1f80e01c23fee07af9855a414467d53c160a0fece
SSDEEP

196608:17UX5SSJ7PbDdh0HtQba8z1sjzkAilU4I4E:1s55J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4396	14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe

C:\Users\Admin\AppData\Local\Temp\14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe
"C:\Users\Admin\AppData\Local\Temp\14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
6d88af2071060fdd984d148f8562b324

SHA1
4152bb9db45f16a46bf64312187d6a1b4e1612a7

SHA256
2219d5b52df9d461da677168b2f528094cf065fbe27058ac48f7eaaa070c43e3

SHA512
ce5d0a359875fead5ebf3891b7c9860c4c6e910274c8099c5bc0e5055735ffb7940c0950c8215986257c9c59ece5718a542817515e0b47625e5dd6da9e1deea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
252b8f86c4d2728e8c1d15b617e54213

SHA1
388656165233e0294d331b8a2109f4f35ae352c0

SHA256
6e95b759388100d1e46950eee50c26f9a75d320eb23f647083b1664a1cadf099

SHA512
d1b1c25a6722c72fba568a815cf5c4ba4da12249ef56c7b2b3df268ab5ad7d6b2f21eb695d47ff4a3e7a5fb224b49738c59c85b243c3a8d3180d9b4f3d7e0c89

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
d21deda2f910a0929691b3118cf9124f

SHA1
771fb19bd87cc452bf0274d657c92f0d65e3e836

SHA256
35c2e8cf2423953a8a43301f2395dee49fa505538044755cfe2238ae0b7f98f5

SHA512
a1aca585eb61f09cc1ff8a02e137d49905b4d33e066ebd0a7933436af55b8df07cc1efc063cd469ae37539c7f78aa9115cb2f95fb5cdb49c42ec3501639d1a64

Download Submit