e458837bbfae88fdf6971734a91d9a598e3ce03933fdaa8b74019cf50d0ff5b3

Analysis

max time kernel
94s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e458837bbfae88fdf6971734a91d9a598e3ce03933fdaa8b74019cf50d0ff5b3.exe
Size

9.9MB
MD5

29a53a7bbcfeb43a331fe8bb06bd6195
SHA1

bd78a70d40a1732f49281f32dcfdcf29e7ca61db
SHA256

e458837bbfae88fdf6971734a91d9a598e3ce03933fdaa8b74019cf50d0ff5b3
SHA512

a9254a7252ab75c4d369cb647d221cf513b18a115f1c176221a8407afcd519d0b42a51381f8790325eacb0dba4e6a39a75c21f38ab76c4b84d503ef9407c980f
SSDEEP

196608:NfS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:NfRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e458837bbfae88fdf6971734a91d9a598e3ce03933fdaa8b74019cf50d0ff5b3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4952	e458837bbfae88fdf6971734a91d9a598e3ce03933fdaa8b74019cf50d0ff5b3.exe

C:\Users\Admin\AppData\Local\Temp\e458837bbfae88fdf6971734a91d9a598e3ce03933fdaa8b74019cf50d0ff5b3.exe
"C:\Users\Admin\AppData\Local\Temp\e458837bbfae88fdf6971734a91d9a598e3ce03933fdaa8b74019cf50d0ff5b3.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
773a65e392d041cbc8a75cece2a6b401

SHA1
5cb2c50a8d8c5b6fb5cee77f682d035e36879513

SHA256
71065daed18d473684e16f9b450b1461d470ecc9dec3574daebfe9d806cc893e

SHA512
7ec12765da8c8d67b0792e4af416eddd1e4e62139bf07d600478c76a53dc7bc952352f9dd56a6f80269b2fed8d6178f63fada8d167626f5fe71845e4bf3efd5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
6c6ff203c828a2ceff803299593e432b

SHA1
91ad79f2edc92cab8846c5ef1578e848fcfbe967

SHA256
b63ebebf95b2695cfba0a8684648305e15cf1d95241b19254be09e6eb4b78245

SHA512
782ef49cfd11cfc6b0691bba4cca267675af9224b12c3d13685a1cdf536bff5293b0559e74f914052ed48a91ba77fe1ad768840b703b7c1e6087ce4fbab651ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
998efa1e3ad7a9f7950c70345db28b47

SHA1
306019373148d3cfdc06c233eb85ff2d75b2f9a6

SHA256
94a1a3e4c9c8133f069ade9908a5a3992385f9df8581871a388cd0499d31261c

SHA512
0f99e5b7829da9d4384865022a4f551f2697ae0bb4588d5a9f97cea43528b227b1d6d6d5811266dc2f5623bb61b7fa36461eb0de14d8a55f3e9ea839b5173d38

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
a3fc96666b14552e7c5e4b525018c9f2

SHA1
341dd1de94f2112415c4d28550274f6d1eba02e9

SHA256
d63c5749dfd147d6383079ad56d5130fb72e2a2d3d6572b3c974b180d08a91db

SHA512
b16780b87c74484b4fded0c81f777b1d6c2498e2008a63aa3988c625e8921c7bb7f51f64b95e4fb565d5d8c8641994d6b4aa978a37b40ae5afaec18b7459d978

Download Submit