89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe
Size

10.9MB
MD5

250454c58b4cfd10930e6de1824c7666
SHA1

2f4bbcd4bd9d9be6a034d49274df05ce2f24b7ac
SHA256

89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714
SHA512

6e3eebf7f8b0968e6b44681ee5538df27b018cc75322d179098ecdef9d46138a3b6508a2356a15edd13a12e3091886d94dffbc4ff6930bd549b726c272adbe5b
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
532	89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe

C:\Users\Admin\AppData\Local\Temp\89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe
"C:\Users\Admin\AppData\Local\Temp\89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
01f78f59c6629829b428d8f66966c86f

SHA1
e31ffd0b6fdd9feb91eb14635c96753a62cbee8b

SHA256
005c5cdba124fd5e3c1eee6f45412be37878f348d7539fdb4fa64dcecfcdba30

SHA512
ffaabc046a247e4b01815018c3a4b6732509623e9db24586fec08670ae6a8ca872e1b1c8c63b8b4ed1c0b06ed84607f5b848a39d389b46546ef7341a03f6b35e

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
685fcc20a472d3a1a12823c8eae5cad4

SHA1
3b7fef1ea5a59a1d07a4182fe23b958509145fe2

SHA256
362c9f8a3c16c1bd90c70bed1d4c47f9c7dceb0a48cb9976636a5e9c0c1009b2

SHA512
eb76b46a96981734d84773cec71a7ecad4c96cce94cb1eb2b9f4ce785f708c4b5b6744bb0d9e76f859559da7b9d60cb36b4f904bf0b4e5394221fc534ac41a72

Download Submit