7655e211090c83e395fb9188d8ef643916bccb599c718903c711397a94f9c478

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7655e211090c83e395fb9188d8ef643916bccb599c718903c711397a94f9c478.exe
Size

10.9MB
MD5

94080ecfe6ac78dec893c6c1a475f25a
SHA1

de24871fe63215e4353f23970ff5b2dd085e5e9e
SHA256

7655e211090c83e395fb9188d8ef643916bccb599c718903c711397a94f9c478
SHA512

1dd5933e9af525394c7c61bdc13753bc47525ee37fc981627eccbe02248b5132e09af51726027a4c66ecd3c99775553b078b7d6e8408304c635b7297f3280f24
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7655e211090c83e395fb9188d8ef643916bccb599c718903c711397a94f9c478.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4928	7655e211090c83e395fb9188d8ef643916bccb599c718903c711397a94f9c478.exe

C:\Users\Admin\AppData\Local\Temp\7655e211090c83e395fb9188d8ef643916bccb599c718903c711397a94f9c478.exe
"C:\Users\Admin\AppData\Local\Temp\7655e211090c83e395fb9188d8ef643916bccb599c718903c711397a94f9c478.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
42fb3b0065205d0dbab32c2acb0a1e93

SHA1
ad6c728d6e75e50062db93a854631962fa30e615

SHA256
9cba2adcf06900ec9d44539fa69cd608b03407067e28c5065173afd1f820240a

SHA512
75b3cefce13e00764b542753806a768bc50c66ce637cabacca158a0ee6c31ad5ae46433c05bb40d03abb7d2351b9500ce5625d6ebc780a845f5564ecae0f2c51

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
036317124eb71d6f5706a2cd5a65a655

SHA1
8ed18cfd8624dc3e8a99ac5b089a3542dad4c6fc

SHA256
856296c3c3ffa61b6c436b8bf435b6498a17b8c1693660613d44065a15b35892

SHA512
73748479804e419cb9ddbe4961065d9063912eb774bc372b11bf75d2e6076f003d64c50bffd90693ed1c6a6bea3029a50d70feee9341ec04e40c1b4fe3620099

Download Submit