1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac.exe
Size

9.9MB
MD5

1f50e26c9ccefbb4420fbdefdfc8e817
SHA1

84006a3370e8f87a1fef8d61629771a0ea3634ea
SHA256

1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac
SHA512

a03cffe33f3c893f6cdd474f38961fd30ce9e11871acf126038ed242b95c836a734c74f1475e863c9eb585ad5c870c0df449d8147bd485022e4d07627a1c8601
SSDEEP

196608:yvS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:yvRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3980	1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac.exe

C:\Users\Admin\AppData\Local\Temp\1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac.exe
"C:\Users\Admin\AppData\Local\Temp\1dae4a752bfb13ce0271493431591318b6e131a264f3a122a0cbbb891924bdac.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
22f1cd463c99ac2a7585e695ef88d9e3

SHA1
f560e590a3db49c7c38dc852497fb9255c4958ea

SHA256
5823bb836f4297729144a6f1b139841c0a14e94c8b8107017156071cf388dafe

SHA512
db6fed99485259451cf68fac7e3113ea8906a584fd87c3b3036a843ad996d5667b8b4eb1151e6223afff02a0caea083078a4dc0d132ebe2124248516c8051429

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
4ba49f109eebc7492993881efaa42286

SHA1
2b7d98e037611d8d1be9ed428c05e288c59d2c34

SHA256
c2aadced031756bdb54758b1214e76f68164715d9ba188f6d7ca0995f3b9e0ec

SHA512
19804a2f448c6dd70964496c57119135ad5bd6467d6f27a40e7128347fec22179c33df7a86a881d1125806084fdc6d43ba3e871f0dd3a321828c96f92ac16725

Download Submit