c7434a1b03c54ab50cf971846d7bc68e002e0e78c3f0b04461ed6634d06eede5

Analysis

max time kernel
132s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7434a1b03c54ab50cf971846d7bc68e002e0e78c3f0b04461ed6634d06eede5.exe
Size

10.9MB
MD5

00c21233a09ea42a43f3ddf142388b73
SHA1

1942a3ce034f31def38d417d338a33791d6928f2
SHA256

c7434a1b03c54ab50cf971846d7bc68e002e0e78c3f0b04461ed6634d06eede5
SHA512

58931b715c82bb78976c127c17765b4a9a76a03e2113aaa0495650f946457888ee7b91528b2a93395f57275ada11c0af802f15c7080393aecdd5068b1d4c4334
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c7434a1b03c54ab50cf971846d7bc68e002e0e78c3f0b04461ed6634d06eede5.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2300	c7434a1b03c54ab50cf971846d7bc68e002e0e78c3f0b04461ed6634d06eede5.exe

C:\Users\Admin\AppData\Local\Temp\c7434a1b03c54ab50cf971846d7bc68e002e0e78c3f0b04461ed6634d06eede5.exe
"C:\Users\Admin\AppData\Local\Temp\c7434a1b03c54ab50cf971846d7bc68e002e0e78c3f0b04461ed6634d06eede5.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
dbdc69de61d399f8fa65e5fb1315967b

SHA1
71d68396ef6395417108e44cbc5c8dafb874b36e

SHA256
d8ebd59851938eabee18132ec7c5ac96702c4a6e32a600f90b2eadca3834fd07

SHA512
010255396d9ce8419dc43cc0dd87f7ebe9cdda42169b0d6b5a82b4ff1e72807075ef7bb446dfae277c12245b441463c7f51232558e0846630acd2b41c797bf68

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
096ca789b3983c0b2e3ae764dc2f43ad

SHA1
4c62d896a5c1bc28d7e65cc0372270318fb470f3

SHA256
e79880e8d075fe4e5e14471d58a073b8dcc78c5e1f95f9d053d14df31b95aa7f

SHA512
b9598b50dc5a11f6bc63311f5064ccf3407530a727c306acf7bda37b5d32f3c740f044d0016b05ae531bb24ad04c19c1b7917ecc4ab12dd5b9c8f658941b3101

Download Submit