ca63022c9ae8fff57957e3ace8383ce51fad1ad12ab1cc2912ab18a620bcb8c3

Analysis

max time kernel
94s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 17:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ca63022c9ae8fff57957e3ace8383ce51fad1ad12ab1cc2912ab18a620bcb8c3.exe
Size

10.5MB
MD5

ea0e668fb2cfcb6a198b051dd274ff98
SHA1

45061d2a0f9aa6ba0e1c58b7e4a12219fb4c1345
SHA256

ca63022c9ae8fff57957e3ace8383ce51fad1ad12ab1cc2912ab18a620bcb8c3
SHA512

b01d3396902cf4f9fd9283f657336d2731e1291c8683e2a5a0e8fcd6ae6154b97b2e52589f2cfead8aa34e02b7a095d9c3491a1090f3916b56f80b4ae9af5c06
SSDEEP

196608:ONlYgS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4T:ONBRrDjtLKkOa8ps6puAktIzT

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ca63022c9ae8fff57957e3ace8383ce51fad1ad12ab1cc2912ab18a620bcb8c3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2880	ca63022c9ae8fff57957e3ace8383ce51fad1ad12ab1cc2912ab18a620bcb8c3.exe

C:\Users\Admin\AppData\Local\Temp\ca63022c9ae8fff57957e3ace8383ce51fad1ad12ab1cc2912ab18a620bcb8c3.exe
"C:\Users\Admin\AppData\Local\Temp\ca63022c9ae8fff57957e3ace8383ce51fad1ad12ab1cc2912ab18a620bcb8c3.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
c5a62818418f8b14443ffe7052dab562

SHA1
31567d9bf8069d0ceeabbb551b58fa7fb4ccf21f

SHA256
182432111c1d9ff1f74bf37a017cc1f2ade9c66153cac3996a8408ec3576b7f1

SHA512
ec3ca557742a7d0dc17967a1695ea8970a7eefed3b8b314f806f470394413c9058a0dc752abef5e2d1165ee9d39aaf65b01ac6484d3ef98b920b4e084343ea12

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
55d9d4ae2a95d290611415f83b7d65e1

SHA1
112605527d7df8753afad0ae49822d9d0920eafe

SHA256
1681f618d597697e674e4ca9da5a99526a1ec14fad3cf02aeb5876cdc1b677cb

SHA512
646394698684cc6266fee02a0ec2ef238ac4c659f5d1f22bbdcbc1e61822028236cfb4b293bf02844aec3c29ed9300381f2faf8c045b15b4de61ae63993ffa48

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
e98f622ee1c25668cbce722df740f97f

SHA1
7169d0af1dcaff65325517a13e2587a24a2a2316

SHA256
458666061ee48a6dfeeed1c97f4ac0d25ab714d790e80af196eccade510c2e2f

SHA512
38ad53cbd7e8af223d1960b185dfc8b1d97b07a14f0ec84227a10aaa2e061c5d26abba863af89bbe3fb4a893b99e89cae3a6e6cb7a0462d1ccf305b1364fe8bd

Download Submit