1318ed9842be111d6b8d161ec3b0f48a1be5a2e956dd3dc938a5f47d661a9b25

Analysis

max time kernel
130s
max time network
143s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1318ed9842be111d6b8d161ec3b0f48a1be5a2e956dd3dc938a5f47d661a9b25.exe
Size

10.9MB
MD5

e23af1817b81bbf3aba41926c4aa8845
SHA1

101d383d659900f09013374b6cc0641d2420ef55
SHA256

1318ed9842be111d6b8d161ec3b0f48a1be5a2e956dd3dc938a5f47d661a9b25
SHA512

72ee8a10e93c51e39c81a480b51c49bb25c1d897afde2a2ee3afa0adad74ba632a9888dc0f85e0f32c7e709b531569cab66a6443d7b99786d0cb64ae528cc2f4
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1318ed9842be111d6b8d161ec3b0f48a1be5a2e956dd3dc938a5f47d661a9b25.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1976	1318ed9842be111d6b8d161ec3b0f48a1be5a2e956dd3dc938a5f47d661a9b25.exe

C:\Users\Admin\AppData\Local\Temp\1318ed9842be111d6b8d161ec3b0f48a1be5a2e956dd3dc938a5f47d661a9b25.exe
"C:\Users\Admin\AppData\Local\Temp\1318ed9842be111d6b8d161ec3b0f48a1be5a2e956dd3dc938a5f47d661a9b25.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
fbaf94ef3f80b65587e75424c35d26b9

SHA1
3a4dfee5ce4ea3e08348f1b07f3caf56506c6d76

SHA256
248210e91a316d5e4d7dd4abd00f80d85be1f3f0eb0ad931062338800b78f2df

SHA512
08cf74927910beb18d5bca8278e3717dd77cebd1fc487ddd436a4d06a2d86e5fb3b880cf60448fa79f7c742fc40268b2542254beb11fd7053c4aab360d099d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
8b689da9933263bc154e7cfd9fca0657

SHA1
b96b14a3a76e23c07e7b44bc6298d08ae9fdf8a7

SHA256
1a8203f106a66798deaa785e8db9c40becdb2a11150cb1289c7ac732b61d75ae

SHA512
21686db05240a6349382004e78c41a1b522352bfa2cf650b4a9265cfe4a539c02f0d917dad73fd9e675cbb55abf16efc193102ba6d9910abf3f1a32e00b20259

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
01db57ce43c81ebbb2ace0d45630b8be

SHA1
f57923bac0ba5e6f73f3ab8030ec2564a50f20f5

SHA256
545654455dc53bead9828dab36890ff695cadd40bf303d01a3ba9ec2b534aeb6

SHA512
b315c404c55fbdc062229a094fca2e5962018bf23a3bd338be68242e2a098383a624d58386f46a8d7c7756289dcb906416d65282b3b597708d9e45b4fb8e1621

Download Submit