0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72

Analysis

max time kernel
135s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-09-2024 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe
Size

7.8MB
MD5

089b91f41a0ff6fe6d2901fcae4724ed
SHA1

017dece04f6cf64817b99e4cc38837f631a96b9b
SHA256

0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72
SHA512

8e02839263246bf5c7c1576f91ebeccd9b223b4c6b4136ce01967c6b366996ad395f89926ccfa95d0415f462bc8587ae631a939906a26ff82de6cafefbf4a59c
SSDEEP

98304:9uGeKJXtebYOSTtfj6iTKdzOJDb4v+qMdg95WQQMIHp7w0r1hCETL8uE2Tp2m/e:soJ3fj65wN0v+q1gJ7P19FtQee

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1808	0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe

C:\Users\Admin\AppData\Local\Temp\0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe
"C:\Users\Admin\AppData\Local\Temp\0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4156,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=1040 /prefetch:8
1⤵
PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
57f784455fa3f13f396c3ce9d2615df4

SHA1
41dd8b13970402dcdc5184a063a65dc6a542569f

SHA256
4e56097d46c717ca988f255760d79d39d69959da11e7d684b1ae2ab93fd9f5b6

SHA512
49fc5b79e80913a2f6f994c17694815db28500bf3eff50f24dbdd3d70349f3c81a944f4c16ed6b50a8baf661f74b8cf7d5996e32eab9eb6d76435f1546951ea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
66dea4991379ea16f5e5fd9f141f628d

SHA1
306b23b46e95efb6677a16e83d288ffacd08fe31

SHA256
baf328d83618f08ba27114e823a048b463cddc0d6ecdcff64ce6bcd86a91c180

SHA512
a6ee478655c44aa8c8443ac7f89e0f91bda19f7746652a6e8c6891dc020f3ccdc233319fffeb42165887bbcee78cf8c664c8b3aca9ce76661f855d8663b423a8

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
56c795e3905fad4a7ae4fe68bb0bd404

SHA1
f13f8983646b9da3eb2f44d41dac4912eb9cfd2f

SHA256
ebf403a6bdbcdfe2da7098fe1c5763759d18035a4620e1edf6f0e5d13b7bdf49

SHA512
cb3d610f9f6f0a9761d6800f70b7a0186d76095830f1f23fd0cb06b524285d20fab38fe464fccac0f696b9b90b2f6be4e032396d62ba870bd83559ba2ae6398f

Download Submit