fabd53993e04eeb2b5fb9a462299e3e57d8922ccc9cbf76dd018ea18ad0a986c

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-09-2024 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fabd53993e04eeb2b5fb9a462299e3e57d8922ccc9cbf76dd018ea18ad0a986c.exe
Size

9.9MB
MD5

10f01f79a8bd60370296a9cfba8e73d6
SHA1

8921ab7618d6faaa63fac528e8ac245656e77490
SHA256

fabd53993e04eeb2b5fb9a462299e3e57d8922ccc9cbf76dd018ea18ad0a986c
SHA512

f307aea4a000849fc145ffefbb3455e037bcaee2087cc167a4f2207cd899d20f47b51a113b14d9d101ff60d7d72e4bd150bc159309cf9fac285c9ac55f4daa96
SSDEEP

196608:17S0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:17RrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fabd53993e04eeb2b5fb9a462299e3e57d8922ccc9cbf76dd018ea18ad0a986c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3384	fabd53993e04eeb2b5fb9a462299e3e57d8922ccc9cbf76dd018ea18ad0a986c.exe

C:\Users\Admin\AppData\Local\Temp\fabd53993e04eeb2b5fb9a462299e3e57d8922ccc9cbf76dd018ea18ad0a986c.exe
"C:\Users\Admin\AppData\Local\Temp\fabd53993e04eeb2b5fb9a462299e3e57d8922ccc9cbf76dd018ea18ad0a986c.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
f950b980812525d9363ea73261fcb2c4

SHA1
17e708e418a594f3cfd992e8473f70988c610dcf

SHA256
0d006e25982d9dc61276de4922f9e0f14e9cdf38be91e2e62268543ae1bc12be

SHA512
207f72915a68edfaaa67d5c2f427a84db6b293cbf691e9960912fc35bd574148b5a8c3713d3fd4c2b14a8ddf29087ca6710e9fa7f62e404994323f71ddfbec63

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
65953695decab3163843fe809f3fb47d

SHA1
e4714d44fd19136a3fbd0a8d9fb3a9180dc942b1

SHA256
837ae1ff736b10c77eb5a2b9c5b9a98b3c91bfe01e83905845d146f8902218a1

SHA512
e62a7f9027e52b4fb9c6363395a1e240f6b5515246e8734e54c5a04aa41e3679b6bf07ebb48261cba5966f43c5acba3e9aa28bf401d1af189c4b8f7a2acdf7ef

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
7b1fe1708f778c528d628afcf826641c

SHA1
bf0678f0a8ece899ce27895c92a1beaee5bbe609

SHA256
e0bfb08802d9336dcfea4a82471609f28027d9c3c5268be4ef67051b19b59355

SHA512
1e2e0c47cc341c33c66e7c05a4dac0cc8478656b83d70555f84780fe13ed7961c26537619a7d529239b0459ac31f4571f83c41e2c7490cb0dea32e705b9b01bf

Download Submit