25556767f3d73cabfb87f75723b9ec1c0ac21d815952ef4eadf047ff4a4e9681

Analysis

max time kernel
94s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25556767f3d73cabfb87f75723b9ec1c0ac21d815952ef4eadf047ff4a4e9681.exe
Size

9.9MB
MD5

4a3d213e89434076fcc8f1daef34a21b
SHA1

456605215f9bd945ebce309f4a356c675edec130
SHA256

25556767f3d73cabfb87f75723b9ec1c0ac21d815952ef4eadf047ff4a4e9681
SHA512

063b20cd356a53801b8084f8319313cbc1a4b327de13dbc93c2369abb8142d16d5b66b974a1cdfe480fd61ae1394551bcb8e99128c448b0179f7451fa0e6c2b4
SSDEEP

196608:NfS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:NfRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	25556767f3d73cabfb87f75723b9ec1c0ac21d815952ef4eadf047ff4a4e9681.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2136	25556767f3d73cabfb87f75723b9ec1c0ac21d815952ef4eadf047ff4a4e9681.exe

C:\Users\Admin\AppData\Local\Temp\25556767f3d73cabfb87f75723b9ec1c0ac21d815952ef4eadf047ff4a4e9681.exe
"C:\Users\Admin\AppData\Local\Temp\25556767f3d73cabfb87f75723b9ec1c0ac21d815952ef4eadf047ff4a4e9681.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
84f55fb2e6877972b3e73553ed6fcac5

SHA1
70a6b3ec00a7e660ed76c5e9c8a3b313b896c727

SHA256
979f12c2db1579aaaf0cecaac07787eb0ca53240b7e9af6e128470444c1d35b9

SHA512
7d38d1851026382e765e15cca7fae601bf557f0ae0c9626bf5c0b6acee56630718fc547160f52fc9c674430b51ab9109867b4176e1aa70507fc2b3f97ebdc782

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
78545586153a6e3945015bad5ae93a5d

SHA1
f9e5205cf46079b5c247a36e701bbf73ba7eeaaa

SHA256
b054abe7471ef585bd390076c46d4068a271fecbb30516c218a3acce6e449b31

SHA512
f625280f6541b9a6e597d22055e64841ae37f39a9ad9cdf4fedb225d7430e490747bcf4d86978b5d54ecdf9e7f60fbeafcb1d439b59f984fa4376e54d341a5e5

Download Submit