ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7

Analysis

max time kernel
95s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe
Size

9.9MB
MD5

0cd2a64e1544bd865d2e4f6d2ec7fc61
SHA1

06a3f9a49892991020f8950fb077c14f29811cf7
SHA256

ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7
SHA512

0d9077081294aa3a7589c3e82281a1829afa5ad7551f853234788c7ca8c728aaa250afb4b66035063dc0af8d3d494140424ce1535e52678df8e2fd9aaca6db2a
SSDEEP

196608:IsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:IsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1852	ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe

C:\Users\Admin\AppData\Local\Temp\ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe
"C:\Users\Admin\AppData\Local\Temp\ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
41384b7bea9e2c75d0963fa743741f78

SHA1
ca28a38bd6ef02235afb1cad3e4d59018f77494c

SHA256
8ea6da9ea488100a405f1aa5d4d8c152df9bcc8b47f227b06cadfa8e58e9964c

SHA512
a2cadd35553715088291a1fdf01e13606360bbfe75170393fd970e2d76fd90d25a52d6cc94f7a80dc5905cffb52186d202c999c7e48d52f531894ee5e2d4e42e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
0b0539d27f623b39b62f33f1d5c7f65b

SHA1
ee37f9ae3cd59e130cfbb8fab76222c5eece400b

SHA256
52eb7499f6a01ca2571bd13068621288e9422bb0e323847c93297035584177a1

SHA512
99744a1c16554046d4993c5db6ef0e14e0a1de3a54ce2452d65d8f540f4b9a562a9ca02ed11ab1337dec4b4db63814c98f32237d63f72cd647ffc15a9a72c240

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
53cbc46977b1bffdd9cc6de0b08c93ff

SHA1
da5dcbf2ec587ba452b1e2b8da820deb213ff770

SHA256
c82e9d07cd3d9eb71152af9bc4326e4d82bf7c4975b216dfb80d512668c50017

SHA512
03b93d9b814903db8a0d07aa21526c922fb90f344ebf2419c5f1698fae060601778d25cc9ab9d96c71d5f2b5b567e422682f7068db40aebffad5462aa1803e27

Download Submit