4d74985d2618ea8ebdcd4f7ca2408670d3c2a60bfbb708f56fc08ac42f501933

Analysis

max time kernel
135s
max time network
147s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d74985d2618ea8ebdcd4f7ca2408670d3c2a60bfbb708f56fc08ac42f501933.exe
Size

10.9MB
MD5

61d67ba8efb6086283fca91ae72df347
SHA1

702e00f2c5f97682e5a536f70388868240bb800b
SHA256

4d74985d2618ea8ebdcd4f7ca2408670d3c2a60bfbb708f56fc08ac42f501933
SHA512

60aadbf6423f1d4d2e88ec06051402cacfa007140148e37c89caa231c7a3c3e0f92174146f42b26b10c43abf18ac07371e8875603714ed090a9881e05afe1781
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d74985d2618ea8ebdcd4f7ca2408670d3c2a60bfbb708f56fc08ac42f501933.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2088	4d74985d2618ea8ebdcd4f7ca2408670d3c2a60bfbb708f56fc08ac42f501933.exe

C:\Users\Admin\AppData\Local\Temp\4d74985d2618ea8ebdcd4f7ca2408670d3c2a60bfbb708f56fc08ac42f501933.exe
"C:\Users\Admin\AppData\Local\Temp\4d74985d2618ea8ebdcd4f7ca2408670d3c2a60bfbb708f56fc08ac42f501933.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
fa20bbd8b1af6f39f43251bbdb16e13c

SHA1
b9438cd1b0ac9833abb38b894a336634dac12c1d

SHA256
9a7acb10732392310fcac5cddae33156db0127e0c2d31f98d94a9bbfa755e74e

SHA512
1fb6d7675025a4031a5af413a9f9eef51d2c46957d865e7f1ce5f609f92e8ba47d3a8d406b27a68f1ddc087e5f7a3d22aa789a5ff94e2071407933827d6afec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
89af04b0b463b160f9050978193c9bb2

SHA1
53eeba6cee036c7ba485905c8f1cc3a92da9568b

SHA256
17c29d3235e7a4041f15052c347012a66d1a4a0d40bf2629d01158ab213792b1

SHA512
582a70b9779bea437034f66954b8d8d08480c360934c75e292e94e2de8f82c1654eb2dbf1ce9dbded461d225cbd671deee6f0f0c14b8f2fe8238b6be7a0fcef6

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2bcc53c0a5af1bbc43e43ead9adf7072

SHA1
5b6be18f802a90d7ac2fa028e8265c36aaa04dfb

SHA256
13a20ed55f6425261b378578d01fc9de6696dd2c3b55ff8a62efc0e867b3f547

SHA512
82645c91c71a60337b788ff19aee94bf8f33297afd0b43fe32e8bfe4ce65f80cc493438f4a835d2358a337551bdcb37ee45b7e7dc0e994675de2e4dfe6b9edf1

Download Submit