679648f825e227644fbb911afb680828d49c5ad84b7ef0a8a9174816a475c83b

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 10:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

679648f825e227644fbb911afb680828d49c5ad84b7ef0a8a9174816a475c83b.exe
Size

9.9MB
MD5

8f0791b3f4bdf6bc510ab9cd28cfdbb2
SHA1

d615210fcc57025eb4e9e3e5edcd328afa1e30b1
SHA256

679648f825e227644fbb911afb680828d49c5ad84b7ef0a8a9174816a475c83b
SHA512

d6adc28507423cb4d62e7f31fe60423eb175b4f493683dc631d4511833b4bd01e8b9bd6001279dc2f96850a707cac3cc5e2b10417fed453bf61eb93f1620fa5c
SSDEEP

196608:NfS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:NfRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	679648f825e227644fbb911afb680828d49c5ad84b7ef0a8a9174816a475c83b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2900	679648f825e227644fbb911afb680828d49c5ad84b7ef0a8a9174816a475c83b.exe

C:\Users\Admin\AppData\Local\Temp\679648f825e227644fbb911afb680828d49c5ad84b7ef0a8a9174816a475c83b.exe
"C:\Users\Admin\AppData\Local\Temp\679648f825e227644fbb911afb680828d49c5ad84b7ef0a8a9174816a475c83b.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
b89d33a9b540da846262490062f93e32

SHA1
0feb97f0f629278c1700e2397aae05b48388c6a3

SHA256
1d260857615a1c7b0c7db5c04b230f3e4e283891359e454567acc12a778356b6

SHA512
1b052c3db3e8e2827f4ebe3189521f93650113cf96cac1820227468eff8a5a61b5ce935ca8b22dcd7d210b71390d3a4a1dbdff0053e9d1114e6bf0753734cb3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
9f9dd4627cc5d2bdc8357895ced2452f

SHA1
9de19ca4b4271b819ba9599febd8448940d97e50

SHA256
c2eba074aa69700b849751c5614ce0e2f857f79b18a35d2abf870b6649b1b14a

SHA512
4cb831b17369b6b7dea686d1293089c373c34f082fddd7bf9f5c4af875020e5a994d757708f7f14f0da162443df1c1445af00d8dfe5c4a7936b3fac561d93822

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
c802f9da3c5b3be3d72fa74840bd4fa1

SHA1
df17bf5ff3f9e80b0ec4fd0ae39b655eb67b9044

SHA256
5f9b169002b31a7c8edfca1dfd4c5835ed7a9491b2b232c05ca4b7b2971de053

SHA512
ed2b9c7f1f0f30a9dccd189c9eb849254244fd4f7f8b554230e23995a8ffdb6057d7774acd42e7cd52c85eb8ed1e2148b8b107e756605926895c42b47f2e184b

Download Submit