08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa.exe
Size

10.9MB
MD5

9eac40a4a89213264e37bcbf9d194eb4
SHA1

bbcfd29b80fa08795464541600d46faf02718aa8
SHA256

08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa
SHA512

bf05eb1a182ffd68a5df98d7d451cba701ed137f2cbb354c03b5309cbaf02cd2d7e2e42aaff3559c00297250d3f37afbdaad8c9367487b9bd70f7c21edf25828
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3636	08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa.exe

C:\Users\Admin\AppData\Local\Temp\08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa.exe
"C:\Users\Admin\AppData\Local\Temp\08e8be4440924c835a2c2be152c6349693f6d13f5601f5a414d5aa16f45520aa.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
ff64d06483695b5274aad5b304799777

SHA1
1b5c9d949dbaa90a7d123ce4fe4487cd0cc144d2

SHA256
6ac3b554966ddfca4e535dfb551d23d4475511cce60626cdd7b3ad69caa5326d

SHA512
57e123e39de680d5cc606b04ad83926f6b7d566e32ab3b5f5754154c5e64e00821e2e1c18b12a5831d91e2c2b3ac9f24a881e86614e88bd59be52f5261769cf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
870a279e4c272fffc590d602c7e4abe4

SHA1
3c6e9dc5f36994ab9208c28756e187e1780ed0b1

SHA256
c6e8fdd52e402afcf88a6681c4ad1fa0e99842ddc2d85194a31b0ae1f7dccc83

SHA512
efc9421b444317dc9edec864bb71fd6fa91ce8c127927a1bc3a9db1ec11be2d8b89d1231b861b02d1bdf0b6e1c5657478712c05e786d0cfd27c2ac3ed0f418c5

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
efb08f14ddb4fcc103fdf590bbf5ad91

SHA1
ec019b8b88fb0699cbc75c235e2c8400ea4fcce4

SHA256
0da3512e52f1ae07d08f379f9746a966b1004c341d6d5b5e353c91fd78a77ead

SHA512
d94cb1edd8eb53a68799587f10c0c2fbb25da9009fdfa105335c81aace0198c529ccf9415e1e946d25f069a4c43f6d29be4d5af95347433ebb08dc47bca7caf3

Download Submit