7e3d8eae79077bc0588a6af450a585661b5e22a5f170740e9316979422a7a3f1

Analysis

max time kernel
120s
max time network
153s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e3d8eae79077bc0588a6af450a585661b5e22a5f170740e9316979422a7a3f1.exe
Size

10.0MB
MD5

ac26d8152fdce6c563823593f0f73a1b
SHA1

d65f62d4b9cbaecb26098f3f4519fb9d54816944
SHA256

7e3d8eae79077bc0588a6af450a585661b5e22a5f170740e9316979422a7a3f1
SHA512

c394fd96f1c9860e2ceb42411d385563c92a3b02bbf88e1e010adb9891c821f8fd54d9681f602e01075ff400fb0d5a20f6f31e138221ef5bc3c38e9baa3f9599
SSDEEP

196608:YeS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:YeRrDjtLKkOa8ps6puAktIz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7e3d8eae79077bc0588a6af450a585661b5e22a5f170740e9316979422a7a3f1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2192	7e3d8eae79077bc0588a6af450a585661b5e22a5f170740e9316979422a7a3f1.exe

C:\Users\Admin\AppData\Local\Temp\7e3d8eae79077bc0588a6af450a585661b5e22a5f170740e9316979422a7a3f1.exe
"C:\Users\Admin\AppData\Local\Temp\7e3d8eae79077bc0588a6af450a585661b5e22a5f170740e9316979422a7a3f1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
397cd934dc840c8eea31e8115fdd6c85

SHA1
cd3471c8bc3b4b4c9f8836652ea143a283c4e814

SHA256
e42faccf6aeb597d439c588a7043c5c456dbbb629fd347163d70f2d14d48c0bb

SHA512
a2ee04632d7a333a6f9a10f6023f0ae031ec37e09182bacfc33bdd28cd48ffe9fa893c4ec5daccafcf8c38120897534a60a4d222622814b35f20313ccb4b88ba

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
1bfd8d4c7e304ed76b4d21cd8f57bdd6

SHA1
bfd4722924a21b5c44bc768c6db7cb12626162fe

SHA256
e42fb15577f4fbc4e1a0380d1a12d027423df01b46856094bb718655536ff4c0

SHA512
ecb3ceff0c1edc81aa3eaab296602f8bcee44d19d870142322083a43b6f990578962ed3a1afcf00801279cfffa7f848891de0f490dd9f296eb88ff9f9b01081f

Download Submit