e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9

Analysis

max time kernel
91s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-09-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe
Size

12.1MB
MD5

8c4fdf1307b9f5ddadc4694c51f322ea
SHA1

04074c150b61dc73d3221296b74240db4e7958ec
SHA256

e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9
SHA512

7bacee5fbb427b387810eebd94346d1570d784d6aaae664f1ddff6b0609cafc9469060046c3140b5d335b4fb55530758474bc4477b9b53a8342a381dd6749fee
SSDEEP

196608:Lc3ix+GjP81SSJ7PbDdh0HtQba8z1sjzkAilU4I4:LRvE15J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4124	e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe

C:\Users\Admin\AppData\Local\Temp\e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe
"C:\Users\Admin\AppData\Local\Temp\e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
78529df72a959f3d88a46c9a030f469f

SHA1
ce3139241e2289117896640ec38a460652f16ff0

SHA256
b3e610d87c640ce03aada9d882215cdede40237e5968081062d020894ec4a9d2

SHA512
e5e98341e97f1a8fe5547587f2d8246ec9e9388269328ccbc34ef3975fbf6dffe34a9f4ae28fc6ea9ee7810a19c1b5c938186cbc053d40b6e951a7d7f0d312f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
e98e4c4e4e091d08528c7fe4a404a758

SHA1
983db14352f12a9ca2ae48bf660c471bf5ae7b30

SHA256
39030381a5298e7a9bd33c81ddc786d2129f71801166e3e789d376389b5284f7

SHA512
a5c50a7fc935d035e5af84bbecdc88fda4db2d2a1b2587b9f018887cc3f386220e5ca5c58f622a55e72fc1da1fc889179a573c582ae2eea8f734707031f1bf60

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
9affed7d2e6ead98ccf8aebde14335b0

SHA1
55baea06aaa00a629d7d07c792389c0f42f6f7d8

SHA256
74c9d061e571ddceb0846e79ee34b0cd6ece31881d6ca1ebf74cbd4d876d067d

SHA512
2b138b49b098120547ddd620633787e3dd7c79c9cfd7dcc5ec79a2e7485582c65279facdfb9160e692a78f6d52853ca6934908a591ab999a11cba95d29a5096c

Download Submit