1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3

Analysis

max time kernel
94s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe
Size

10.9MB
MD5

94dfec38d5696b6254089ded4dcd478a
SHA1

7dc83c1fddd1cee2f6ab780c47bc6204f6d90cc0
SHA256

1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3
SHA512

ea093650984a6a25931b5d3ec7b188ce9b6220716ccf69986750dc8e8fa08fbf2e3bc21f7287449aa5d5e5412e0cd7e0433219e57ac766ebcfeddfe64e9eb60d
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5112	1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe

C:\Users\Admin\AppData\Local\Temp\1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe
"C:\Users\Admin\AppData\Local\Temp\1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
e9e407ffeeaa22b8439df01f51924da7

SHA1
59a6eda942a42e2521278ff15c55ce83d157ad83

SHA256
8ffa557c96212a80ddb85a70d4c251b75590d493817450b9110e9c727b510066

SHA512
2da618a592d6919ee9c172b7a97a54594670341f3a8c52415c5621e9e06474282e5529692a4eaabe15c13c2403e9668409d2387d0cde782c9e61e0320c98ce2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
a2c5e241d8e69a0cded4eb9c1d750459

SHA1
d8b849c2b343495b374d141d196479ca8e3304ad

SHA256
049108f2c9a05cb6442738033a68ce2882b4549d90743235b521ddfa9dbad210

SHA512
707510ff6db93a829345c00c6a6e8f08f1fb3ae4678eea937ee21802195d0eeec4d016a8c0883ac3c8d97d72ae966448c4080f0825bd67af861b7a8411500369

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
81b563dcb39fc4cbd648e56756b9412f

SHA1
dd4c6fd253a50d012e08e2965b786ff2a0ea330b

SHA256
63874e00cce9f8a31e8915c5caf32f6062ad44531a230bad4ce81b69efb54cf2

SHA512
09ca55efb18435316ab72219f4dfded34f955e5bf28e69f35a3ebf3fea00264b349b9c9d5b779b7f13851b7db68779870d9cb436434e17908bff358114ee7152

Download Submit