1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac

Analysis

max time kernel
128s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac.exe
Size

9.9MB
MD5

1f50e26c9ccefbb4420fbdefdfc8e817
SHA1

84006a3370e8f87a1fef8d61629771a0ea3634ea
SHA256

1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac
SHA512

a03cffe33f3c893f6cdd474f38961fd30ce9e11871acf126038ed242b95c836a734c74f1475e863c9eb585ad5c870c0df449d8147bd485022e4d07627a1c8601
SSDEEP

196608:yvS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:yvRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2820	1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac.exe

C:\Users\Admin\AppData\Local\Temp\1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac.exe
"C:\Users\Admin\AppData\Local\Temp\1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
37ba15bbc2194bbdd52d82b0adf61bff

SHA1
33b25d10fadf8c0aeb75e03de0a53310d5e3105b

SHA256
fe313798702b86cf8c3f5a07621527f6574091463205bf1824849e290bf37428

SHA512
5b2e2a731ac14b2a566f8a96724ce440329fc29c3460af8f1ea176b0afbe1d2899762d93caf9d801786a1e7e2cfaad60c4069d17b5996c3f3a489ecdb049f98b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
4d1470d6d1213e5d0e3df235d2851892

SHA1
24db8f7d6cbe7dfd7c9ca24eaed7927cd288d8aa

SHA256
f782d0ab814f237c84e5261e713e3cea9fdb3f4249fe1c5e5382f9d05b81a352

SHA512
e28d6337b1ad49422e38b573d0f2915b686299798b80520fec37d3e93640462f9821aeabbc7a03e3e38e6e89df4fdce15c3f1d3431ff1b46d558569b7af1fc10

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
75db42960a1899fd49c3843a8f5facc5

SHA1
0d40bc79e34958495e049577186f0cdbadf5e1e0

SHA256
f20ed083ecb4b1c122ef1b1dcfe39fe9c0298aaac6cd04e12e15a5d970f2f78e

SHA512
8afd46cc14df6e91c637cc7182c61251c4964792cea041bcfc721d59df25db43ce93161e5db7668ef96c70e586115b457ea706e078ced1d3c51cad2ffe65e532

Download Submit