08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa

Analysis

max time kernel
119s
max time network
149s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa.exe
Size

10.9MB
MD5

9eac40a4a89213264e37bcbf9d194eb4
SHA1

bbcfd29b80fa08795464541600d46faf02718aa8
SHA256

08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa
SHA512

bf05eb1a182ffd68a5df98d7d451cba701ed137f2cbb354c03b5309cbaf02cd2d7e2e42aaff3559c00297250d3f37afbdaad8c9367487b9bd70f7c21edf25828
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1288	08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa.exe

C:\Users\Admin\AppData\Local\Temp\08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa.exe
"C:\Users\Admin\AppData\Local\Temp\08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
69f55f2bf7e25d934778b54249ca4c30

SHA1
4fb090c43c3d77ab978ad11a26abb387c2673a69

SHA256
9cdedfe6f21ad0d259c7b50ddc513dc285c0ae812c2a5954afd8eac242244e4e

SHA512
d515c46f8e549ad1bef476235782be1b40bdd26e60c4b369643ec31bea842004f778a763941e942d9dee09aa5b07bc92b9db17ab48759dd8df706ce7e51c4787

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
74ffb916cda531a3d2b47fc4ac4311df

SHA1
335eea71e8cd1023b06289a2a2be87e4cb524e88

SHA256
837af35da17294e9db1ae09f23ee309ff7a5bf1ec6b9c28583e5c6883507a866

SHA512
817450e57af10ba2e0598cd942d390e4d73404ee932143a1dcc35ab8d3d93dc733bc370a0efb3c7fd8b8c85d52c2bd243c86a1f4feba25340188ad70dad880a6

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
473c95ec45192915c8c080dd9bc9d99c

SHA1
b41d6bcb4f8cfe080cc47f47a2a63baadd086920

SHA256
5a53515aa384d4292a75c41b3c54176c986832c3da9b2b594ed7f462e8bcfd21

SHA512
cdae1a66fb6feec56e7eb9f080aa0ba759e81d8e5a4cf10337ba903c159579fc2e746ed5bf08a650efb481cbd930089387a9b5458cd98e1cae16f64798fa4619

Download Submit