9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35

Analysis

max time kernel
96s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe
Size

9.9MB
MD5

1460d169b4e85d2c5ace8ff4f96e76f1
SHA1

7f4c6f58aada84e42cb9f20e39733d1321829955
SHA256

9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35
SHA512

6980e8fc7d0391ad8975580b01ada9d4b6f8b627370e45fc7ec666bb1a41cf4d095beb2e910dd458d014754156964112b09bf60250c8c27f4b42d6b584ea2d2f
SSDEEP

196608:yvS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:yvRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1060	9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe

C:\Users\Admin\AppData\Local\Temp\9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe
"C:\Users\Admin\AppData\Local\Temp\9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
7c3581cdd20432abcfffd2286f44a91f

SHA1
da531412641c9be1f20db06d3d71107155656eeb

SHA256
0fc37956bb794fd4fd3a6bfc8172f9b57112d875b4724b5fc00a284c0cab18e3

SHA512
bce875cb86566f964c2f5339ea5c09218c0d42e6f64b99e325e4f59db3d8ed3cfd49e1f922df6b54814ed14bd4ec088b0d2be7087f7046f7e750ce89d8ee43f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
2fe0e12860b69192698cc23bb3e34694

SHA1
e735de81fde08520bc84da6f051fa48a43ef53f4

SHA256
4b168ab2b0c9eb251ba58e36be24943bcf2fdd3e613090d7150d31d2d871bf92

SHA512
5931f091678d014fa7d5cb5be06d9bdf1a434f29f9f4d8517b8e24b3fee9691095b653e6a22ad6b6252638a8fa68a7b92bc8db360fe4f72f2e93b2fa67734cea

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
077b91b403832370daa65ac840efb055

SHA1
764e41c0f49435df945ca7cfa1f2878d98d0a646

SHA256
4c9de4d1eb5348c2b8b457d3fd729e260aa6f262ce4765ebdbc33aa23595e2fe

SHA512
e0f1295bed15ac1b33149da8dd6764fcfe968ebfa7b332b95255d892c55d4b496cf5d0ffaf3bbdffabc47f7e96e0a8c8bbc86d78682d5f93bd4c4ab0cca5ceac

Download Submit