ad2af99ef5d554d2d77f8e7d5aea258bdbce396a1a60964718bdc9e40e2478de

Analysis

max time kernel
95s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 16:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ad2af99ef5d554d2d77f8e7d5aea258bdbce396a1a60964718bdc9e40e2478de.exe
Size

10.9MB
MD5

ae37bad12f358c8894e41e2df38eee3e
SHA1

3f97e30c93119768fd87ac2f046dcd70180995c6
SHA256

ad2af99ef5d554d2d77f8e7d5aea258bdbce396a1a60964718bdc9e40e2478de
SHA512

62c3e6e001ba5cacc5cfaa5870e821c2baf87f730bf103b699f19feb740e2d995fd774dc5d940edfae01f4fe33863250bae85b7bded4ac0dabba73d457fed85b
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ad2af99ef5d554d2d77f8e7d5aea258bdbce396a1a60964718bdc9e40e2478de.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
980	ad2af99ef5d554d2d77f8e7d5aea258bdbce396a1a60964718bdc9e40e2478de.exe

C:\Users\Admin\AppData\Local\Temp\ad2af99ef5d554d2d77f8e7d5aea258bdbce396a1a60964718bdc9e40e2478de.exe
"C:\Users\Admin\AppData\Local\Temp\ad2af99ef5d554d2d77f8e7d5aea258bdbce396a1a60964718bdc9e40e2478de.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
e342233de00783339d0706e8c9322018

SHA1
c459e8c2cf239103f9282f3dfa84be2d34a1c720

SHA256
d204e00b95c3d5adbe504b93afe474d6b678378cf8237cb74116bb2d4d8f9a11

SHA512
e194dd16ae296113cdae750541375326b503c8d5911246f6f2f68a504a7d375dab15a87bba4b0f33692a196c93ea46827173bfeb75593f45e1542b438d62cb11

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
a5543f12ca54ce71ae3d2fd77c37049d

SHA1
e3237bfc127947952a59b89a766aa2d739e3ec53

SHA256
27203b9e18edf4334ad7360fcba9a5b2af81b5a6d9755b330729fe3c7ac506b1

SHA512
3af08b8dcd3f34d7069e4e29cf044cd927c2fedf091e5849779eb6fd1d8e5747afb745a56f889e0ea96f3038029d0d1d8d33961da1f10bf9ff54c6c8c2e2485b

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
1290bed1bb868240b1f0483404f109ae

SHA1
7f70bd5d12bfcf55c528d8dcf59731a4691880e2

SHA256
7341910bdb41c69f69147c9b50ae88852e5adc33ef39dfd53265b8b5fde4a8c3

SHA512
4e8171c0c18f84f997210f64ca5ee3d5bc1fb24d11ab08724d2918e42b218253ab8adcf5142373520a31efdd335780d539e0369098e889aef0eb8cd665d79110

Download Submit