2139f67e812d98df83b9ee0ed291a44cc2798bbda40bc5d3f81ea5913b2d6ebb

Analysis

max time kernel
101s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 23:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2139f67e812d98df83b9ee0ed291a44cc2798bbda40bc5d3f81ea5913b2d6ebb.exe
Size

10.9MB
MD5

b7f401192538898580327bf9c935078e
SHA1

2411ab856e2dc08e51658e6b629887161dfee48f
SHA256

2139f67e812d98df83b9ee0ed291a44cc2798bbda40bc5d3f81ea5913b2d6ebb
SHA512

8ffb9348ee57c384ab3e88d9b38ed051638351faca6443df171f1975f0988a2626cb697df21f5d0d99551921ce2c67d54bfece7bd140f03e1ed54de91108ec11
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2139f67e812d98df83b9ee0ed291a44cc2798bbda40bc5d3f81ea5913b2d6ebb.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4264	2139f67e812d98df83b9ee0ed291a44cc2798bbda40bc5d3f81ea5913b2d6ebb.exe

C:\Users\Admin\AppData\Local\Temp\2139f67e812d98df83b9ee0ed291a44cc2798bbda40bc5d3f81ea5913b2d6ebb.exe
"C:\Users\Admin\AppData\Local\Temp\2139f67e812d98df83b9ee0ed291a44cc2798bbda40bc5d3f81ea5913b2d6ebb.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
ce1f98b6b22f2049d451b0e9d82a215e

SHA1
696a0ba600ab2d42969a4c497d341484e7f60384

SHA256
c162170f871898bf9234e584d394b9f51f5f2020fa20c5d7f2e3b19f230a7fd4

SHA512
bb4e02b033ad8c832ecf3569e673417c90674a483e6f661bf7ddc0805347ae1fd9751f83220d5585423af929a1babc092eba4fa9797737acc8d51db9a533fa55

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
5c865f986012f7eabf024363e94ca5cf

SHA1
ac9b609364b7894eb60f45494abbdfe7ca2428e6

SHA256
a5a8ea59b5dce15131a13335f3baefcf4683c6046382c81322e1458a8e3a9cf5

SHA512
fa1dbbfb22c23653282363a491e8bc3bd0d619396c93ffd94beb395fa5b7cb64e239627b91f52a75a64ad8c27dca9ec24b4fa984d31f2c892f18eb16c80136bc

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
38b7e56a387a1da40b5147d00fb88be3

SHA1
153def856f163b0128bfebc79eaf372a7a5d606f

SHA256
941e24660acbd2e34e408019fea0dc3c4c32e950194ba8b5475bcaa470264871

SHA512
9ab6b0d69184d8204e60fcefe2c4dbd941b406cb1d2a9a2dc590756dbfa6d9c2266916a0b3d9a55255a2a11f6afef3f60f4e0a07c95e2fade721a5bd9f476856

Download Submit