c90f143783175c76db44e6ca5a0d78011e5242ac3134f476fc4038cbd7e65004

Analysis

max time kernel
122s
max time network
158s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 12:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c90f143783175c76db44e6ca5a0d78011e5242ac3134f476fc4038cbd7e65004.exe
Size

10.9MB
MD5

902c6b4aba0119c90b4b05f631f9bcab
SHA1

c6c43845927fe97d03fcb397646a1187b8538560
SHA256

c90f143783175c76db44e6ca5a0d78011e5242ac3134f476fc4038cbd7e65004
SHA512

44eb4bb616255e3a13f830f2ded23fc9569738b2df95c93bf54df52b52c08406fa24abd306b6b24891961e5366031e9d92ae076b7f17604d755dcaed0872bc27
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c90f143783175c76db44e6ca5a0d78011e5242ac3134f476fc4038cbd7e65004.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2732	c90f143783175c76db44e6ca5a0d78011e5242ac3134f476fc4038cbd7e65004.exe

C:\Users\Admin\AppData\Local\Temp\c90f143783175c76db44e6ca5a0d78011e5242ac3134f476fc4038cbd7e65004.exe
"C:\Users\Admin\AppData\Local\Temp\c90f143783175c76db44e6ca5a0d78011e5242ac3134f476fc4038cbd7e65004.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
493133bbbd35ff3b00cd594d3017f51a

SHA1
915dd9e5167666d7518e8df47f142346c4e5ae96

SHA256
347c47f7d61874dda08093e76f44e30ddee1e8242f35bc3888cda5c8c11b46ae

SHA512
9ce764523623a091554fa0078557ea3a37fa8244ad39dd83b38d320c28cbd319839a7989508e361e7977e2e03035b0938b7ecf15b166cc6597f9d08ef1d93271

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
1170455eb15f019ee0c93c2ee764edd5

SHA1
6c906fd177cc6a4f45ed28c5b9ce9221494bcb6f

SHA256
b5380e7edb83a4513e6b9fd3ec6f75fb5485c91e0b05083f9b37e496f1b112ba

SHA512
94a32fb104ab28b3e60eb32569b60918e2fb360f32d22170ca480558bb92a0c759ab9a8010146271d0421798f682d255ba384ca8f0656355b90be67700c8895f

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
9be409bf8c130533a7eb1d5914494aa4

SHA1
525eb52334de435c2915076463edbb6cef6844de

SHA256
e9ae94e0214e9937440d098652be2e1c4529ef296d149e41e5ba158da6ee032b

SHA512
9262296d7f00219483f52ca4621f50d418fd6a922d2e98bc2587d2c2edf619c3f1b2f27485da6d9b8f025697904c4ae23fa6aee9dc2bd49b89961f400df94c8d

Download Submit