0c3b3d11d3a1cb8ecb91338066fb53cefbb4344611de3f097a2b69a1b1b6b298

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c3b3d11d3a1cb8ecb91338066fb53cefbb4344611de3f097a2b69a1b1b6b298.exe
Size

9.9MB
MD5

e383696c55aab2de0129d9eca6140ad8
SHA1

1d8765d2f9712fc7c03196516301dea838dab6f6
SHA256

0c3b3d11d3a1cb8ecb91338066fb53cefbb4344611de3f097a2b69a1b1b6b298
SHA512

ef3325bc1e9289bf5d5d2fb7dfc5ac8c888180421f020f844a1dea9da312fb4bc64085ea7c3e8fc2cdb1ef38490b8e330f5f483b98eb8dddd7d1662784deb1cf
SSDEEP

196608:yvS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:yvRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0c3b3d11d3a1cb8ecb91338066fb53cefbb4344611de3f097a2b69a1b1b6b298.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4520	0c3b3d11d3a1cb8ecb91338066fb53cefbb4344611de3f097a2b69a1b1b6b298.exe

C:\Users\Admin\AppData\Local\Temp\0c3b3d11d3a1cb8ecb91338066fb53cefbb4344611de3f097a2b69a1b1b6b298.exe
"C:\Users\Admin\AppData\Local\Temp\0c3b3d11d3a1cb8ecb91338066fb53cefbb4344611de3f097a2b69a1b1b6b298.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
ac596feb52b027c3edd82678a1b08920

SHA1
864d9e784881c6e4dd8bcc640926e5018250c027

SHA256
b177007cb61dec83ffb76d9b7890f65079c0005993c1e60461602df7a2f46d19

SHA512
2d82d4f99a21ef88d08339367c34a708e7d99b60e6ea824020e91c9b07c4b014ae6f3ade7551be04e27704520d9c98b6eebdd7f844c00dcbb85bbad1c8e39e85

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
be0a2ea6d73502110abb1c0448478963

SHA1
e8afe7c84dfe4ee0647f7bf641f7d338949184c8

SHA256
8e5a5eb1ee7eb23f3d5696620f1a58f57fc65ccbce7c78cf55dfb580e590f08c

SHA512
7a82120a41b107e65f365e4609fef5c63a4b000f3788c500986f94a5311194851a9727a788c029198b92c13a101a3b746d015b41c77da7e903e61c20d40d232e

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2e7d308fe23dce6de7e915be757ada92

SHA1
9434b0d7cc0581a23cbb3a18cadcf7d6d22b6c18

SHA256
a4c26c49ae6b0b911c4644f53cc40fd5214122ad9f89579c145cd0a324791b3f

SHA512
16702e158dae9f89330c6c4c7d3e76c778a584e9f74585c7de3a03fb87bc5137f2e2a247d426fdc7e9abc16bfbcb5c6176fb8b27accb562f15791a5d7468d972

Download Submit