f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116

Analysis

max time kernel
79s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
Size

10.5MB
MD5

2fb670ce13457a072e0319ea474aa9d4
SHA1

c4d566f025eaafb394a583b451575b583ed3426e
SHA256

f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116
SHA512

1b653e60c2ba4205e91749feb155de7630373e7fd5f58c979398330cff2c052e35ace14669b15c618e2102caaaa025e44689b4c77f59f9d8f4e3ee504ff6607e
SSDEEP

196608:ONlYgS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4T:ONBRrDjtLKkOa8ps6puAktIzT

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3948	f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe

C:\Users\Admin\AppData\Local\Temp\f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
"C:\Users\Admin\AppData\Local\Temp\f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
d2fbd74602918aba1a1cc26bf3d113cd

SHA1
b75c08298a703e681983d5fa27fc72626f02e31c

SHA256
b15dce73664deca00efbb60836f2e5d513a69a8a07ad00ef152fd5da10c5ac66

SHA512
a1263311eb676c25ff82b381f7dfe8b5f12d5ab2bf064ab21c9deb35fbe11740e93556f66e68f83fc6a7d674e8b3afb54e26f81b9ff9aac6aefdb06fd2e48112

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
f083fe30cf676c15730921a9047d83aa

SHA1
0c9bdbd2369586e2176bebb3fe74637ca64d7f8d

SHA256
693ae01ab37a9276d8413b34b9f9326be56198bf20681ebcb32fb27c3a5c39c9

SHA512
7e058585f57833b3205662d33319c2cb5c42419d2b4eb17d7d6772e17051a0c4a18956e73c286023bb5799247d337aff6c46ca46c6bbe28b54de2f2d173041ef

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
da5360d1801589b4a18619d7733af2ab

SHA1
16f06dc234adadaa611500445d9fd73ef07201cf

SHA256
536e1b669fd393c74ed7b578fbcfef464523c026f71d737ecb5bcc78ee094e85

SHA512
bba842e4fd600184ca2324c2b1b8d774620f47c77ab6fdec7eaf8575eca2515d5ddb0cd2c8792399f23ad982cd72663b3409a253217059382ba10de79c5be489

Download Submit