e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1

Analysis

max time kernel
95s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe
Size

9.9MB
MD5

e693f244c965316c982d1d31464b89cb
SHA1

9e531d4c06867036d5b5496e5b35062f30a0b7cb
SHA256

e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1
SHA512

18fa5f12283317e0d0cb5a1edcac3d3130de6e8878e1d071154e7081b030926ffb17d09680739c8cb1d1d5616ef69143e8afa66abaaa0ea0c5207f89109e77f7
SSDEEP

196608:0s+S0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:0s+RrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3160	e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe

C:\Users\Admin\AppData\Local\Temp\e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe
"C:\Users\Admin\AppData\Local\Temp\e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
e871d14e8b30b3cb5e8af94ce3095514

SHA1
033bd6916b709dc158a0802462b6200e364d3ae2

SHA256
88b0a9f16f4494334b0ab9f3b5b8eb389d22c209a591e57e60471b68a4b3e04f

SHA512
4da64211ff8ff9a311557f398c79d2a60bf307af3e492aa4e9e338b97f6be099cf563b9cdc3d4d1645e0ff1119dd2067c63dbb19404df816620ec070ad4d09ad

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
1785bf6a67c9e7c7251b8a0924d30460

SHA1
b12b613876ab77fa18444f808396529142ce4dea

SHA256
55985daa4187e6a07ea2984ce31e41baaa1a1d7a7b58bfa8388efdba59fadc79

SHA512
e7682150ee0868b45df6c63163ff85c30099aea07d2181161d8de50ea7315a3c205b076005bd22e94e000109cdaa9c199929606170c709ed1e1f4ed77c2a36a8

Download Submit