5d88f90592ca871ce6e6023fe8df56a55d85b620a1e42d6c34184fa128162d64

Analysis

max time kernel
93s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d88f90592ca871ce6e6023fe8df56a55d85b620a1e42d6c34184fa128162d64.exe
Size

7.8MB
MD5

a5765f93a5398c7000e3e71a9ddd7cdf
SHA1

0a7b948de48ecae40aaa045f2118a24df26d7a5c
SHA256

5d88f90592ca871ce6e6023fe8df56a55d85b620a1e42d6c34184fa128162d64
SHA512

d0cd751217039cc175437ead797a3f80d96bf321cbc98ff62667253991771a8815b906bbc2c18640a9b9532b7e1cd34d72f47cf805c39a567196d2605e6173a4
SSDEEP

98304:T0yTwTg5JOOgbQjLoJnNkPSxZUGYOh8NbFPAQwDfWw08dGODav43c9Ns:Tp7LCmPSxZUGYOeNlA7W38NDaW8N

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5d88f90592ca871ce6e6023fe8df56a55d85b620a1e42d6c34184fa128162d64.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2392	5d88f90592ca871ce6e6023fe8df56a55d85b620a1e42d6c34184fa128162d64.exe

C:\Users\Admin\AppData\Local\Temp\5d88f90592ca871ce6e6023fe8df56a55d85b620a1e42d6c34184fa128162d64.exe
"C:\Users\Admin\AppData\Local\Temp\5d88f90592ca871ce6e6023fe8df56a55d85b620a1e42d6c34184fa128162d64.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
408d0b98473a65e2cb746c20c2abab65

SHA1
e57072a965dbcee435d06444b167bf64abe20d61

SHA256
14affcab861aad826c5066e3a7865058bea30068c6695136eb90654f9ca2fe35

SHA512
5990c81c8d181ecfc286a12e5efd3cbd60347a2ebf935e59c0c52a903f98fa48711dc1cd3cc9eeb567bf4b52b9eae8ec85e31fa5e8682b90a969d746eac0c1fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
4f6e539c1aaa0f23b9865c88c0988f0c

SHA1
640484e0deb44e9bfecb772030f15c92a58a92bf

SHA256
b8899062aaa163495116fd75553ea3aeb69bbad25c431007e594da7e58b2915f

SHA512
f82fe7c12176301913a94f688db16dd5217133f12d2348db5ae12c9e92ae503b0341cd671874bacab38dd665acb69d830b7ea257455474d4eef33220079ba540

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
1fe4db0f654c96ea09ff741364c909d3

SHA1
fc55d6db3a619256eb171456293c626089b584c2

SHA256
3b8a8a030834655f98e3f676dd8b08c6505b41920cb6166ecad23eb3ddb6806a

SHA512
f29d86a1951a3f26cc081bc17cb3d7452a839303f5cb9f800e1b01e8bbd7cf053a4b9084a4ae0102604ba5e5e652124f72c1d1a1fc058e2f80f0427091277721

Download Submit