59b58fd159e78440a8803a51bcbf7960ad511327fa96ef96bece3fa716ae4219

Analysis

max time kernel
121s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59b58fd159e78440a8803a51bcbf7960ad511327fa96ef96bece3fa716ae4219.exe
Size

10.9MB
MD5

6a590f45a233338520131a53248f8f65
SHA1

a45eaed1a6817fafd4d4a2f5da8bda23abc0a45a
SHA256

59b58fd159e78440a8803a51bcbf7960ad511327fa96ef96bece3fa716ae4219
SHA512

4b4399aecda1b46fa4b34489e53f70162b7a6cb5409753ebeec7a1e34f3e3c08de1fed371de5f56561d82acdc4704f16f5e912ab066b252fccb9c050c54f67ca
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	59b58fd159e78440a8803a51bcbf7960ad511327fa96ef96bece3fa716ae4219.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2096	59b58fd159e78440a8803a51bcbf7960ad511327fa96ef96bece3fa716ae4219.exe

C:\Users\Admin\AppData\Local\Temp\59b58fd159e78440a8803a51bcbf7960ad511327fa96ef96bece3fa716ae4219.exe
"C:\Users\Admin\AppData\Local\Temp\59b58fd159e78440a8803a51bcbf7960ad511327fa96ef96bece3fa716ae4219.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
4ba9f7bbea4d69034dd708478453bc38

SHA1
3b846780f7fa14cec2b1ab49eac5adbe6427ee8e

SHA256
1f792e89bd2754a0370bd597c57b88e0cc2a093aa8f0dfae40a41f1d242a1402

SHA512
f5cec50b925f3dfcb17d93fc3e61fc7b1bc93ecfa5e3393ebface48158329c6f13396508ab0cf214f877d878c0dda1c0b806f9c703ec5bc8753cd74eec7f76c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
9f044b1b78b234a4c0380d3d82cc8467

SHA1
36e519f6106fcd5d7922a1ece70a2fd080d101eb

SHA256
55acca3036f8a1b73d6d8031b42c0fe8686edb40fb7d6d3ac644441d190dbd02

SHA512
b60b160c2e3e4e9cb95553296ba8b737a131c0ce4cd644ad67b5051ee40031db52e7c18b11d387600dcd4b791325a4a97d401bb2c6952bbf092412b8c925f792

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
e3f62ffd098f928dc70dd20e2a2377cb

SHA1
64c884a0c1cf830e12d0db20ff04731b6a466eda

SHA256
5ff76b6b905888c4915f50c9f46b3b02f2e95a624e9b4d7c4e75ca8a13d63642

SHA512
6d2a1ad0c9276d593fd60e9a1bdf296d951d25923901e4553ed630f1598174eb2a97036daa1b44e7659c011f5551f383a51a745e76ad364a49a043af088ef184

Download Submit