a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a

Analysis

max time kernel
96s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe
Size

9.9MB
MD5

e69796636ce6ad47851bfdb88ef05b5f
SHA1

ed18bfdb4a4f824c38783fd23e75f131fa1caaad
SHA256

a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a
SHA512

5d77a38b04b9a2df10f39be1db26b3d590289fa3d0bdec9094e21e83846d8fc9f90e3b5e464d1a53c6250d2ff2da3e6c27d10a366d19fee7b422d156af464400
SSDEEP

196608:IsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:IsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2480	a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe

C:\Users\Admin\AppData\Local\Temp\a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe
"C:\Users\Admin\AppData\Local\Temp\a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
dd7bb3718f41659dd9f47633e452b927

SHA1
31e3fd8153d572990b75042f0dadf3fc6e364fc1

SHA256
5f6d3f76858821bfa9e67133b129d300a1c7f57076faa82208850580aaed9952

SHA512
77fb3e3dc07e01d6ac83bdee8c73343ec138a698ea5a2f8cf252586b135d8f759acc0da44002afe6e9e34244879c43b882e55d9f41fe8867fe3690d8d07baee1

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
b8e2365f2aea24db2940dc7172e9da4a

SHA1
60f45946378fedf4bea34a24e99692a290fd1852

SHA256
93e0fd63a410406aae76805387964bbd6be8663fedef4289662268c7af111d3e

SHA512
36b86780989e0ccd1ebc68d4da67444b337b5e51040d2798fbe0db6597ad44aa241f0b6d1d828ef84cc5bea77709be4a488750458e7f7faf24c5373cbe50c8f9

Download Submit