ffc902a6b56c6642af6863dfdb314ad497ce52a01c52f6a6ff271b63a8cb0056

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 19:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ffc902a6b56c6642af6863dfdb314ad497ce52a01c52f6a6ff271b63a8cb0056.exe
Size

7.8MB
MD5

bf43980e533fb5b2898df3203d10a46b
SHA1

c8fb53aaaa9b08e31e7a2fae5ce594a605deb45c
SHA256

ffc902a6b56c6642af6863dfdb314ad497ce52a01c52f6a6ff271b63a8cb0056
SHA512

00949a207f4ca2ef5bd80927afd0736beac219acfadb3422a788996bd7fa7d71c04e7cf47c284caa2aaa333b5e429a51b6ed28f221d883a31a94efb24c38e06a
SSDEEP

98304:T0yTwTg5JOOgbQjLoJnNkPSxZUGYOh8NbFPAQwDfWw08dGODav43c9Ns:Tp7LCmPSxZUGYOeNlA7W38NDaW8N

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ffc902a6b56c6642af6863dfdb314ad497ce52a01c52f6a6ff271b63a8cb0056.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1452	ffc902a6b56c6642af6863dfdb314ad497ce52a01c52f6a6ff271b63a8cb0056.exe

C:\Users\Admin\AppData\Local\Temp\ffc902a6b56c6642af6863dfdb314ad497ce52a01c52f6a6ff271b63a8cb0056.exe
"C:\Users\Admin\AppData\Local\Temp\ffc902a6b56c6642af6863dfdb314ad497ce52a01c52f6a6ff271b63a8cb0056.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
59903a154baf116797962db50df9dbf3

SHA1
c83879ec62a2f52340945c6918acb7cafd96cace

SHA256
3c414db86df0d7168d1f61ace866e4ffa8b1888b5f8ac5fee9d9c5638b535d79

SHA512
3cbdfa1e931b446032554e99cae429d656dabc8c391305ae08c62b30ce5003f458fe821257958af2e636c2021340cabf866a025bbc89e4cefe02f13e17bd2264

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
54d3893f5926b0f0a356b8aace2d13d7

SHA1
0b6af954d78adf2717ceb97ab30bb6d980da5d14

SHA256
4f335d880fde6ee8ae016d46f5b8dc328d6635e5ddbc7792d572f52fbdd4861c

SHA512
2dee705b0850d404b140ae5d47b7c113585195dd8ab7f79714eb2322e50dfb0c2a3ea02a447f61ecc27716eddb83b984f032219671d218086a4b09af088c32af

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
0e33997a066ffb66f8b5911ce91eba60

SHA1
07279a89364c8ef2f62df508e5082da4526f1c4c

SHA256
0847ed5333633bcfaa55ce611705121cf0440ac36a9fb96c7e8f8c5bae2afc31

SHA512
0bc87bf7cae3394e92fa9d63be8d8ddb634d63e39163348c51d937350dbdc2d18ab309f691bbcb5b0198a273e76d3d607becae055fb2eac6fcb7ced48ea0b67a

Download Submit