0b975dc9d8601a50dfb199390e3122e749dce3f827d74f3cdf0a1d4c28bce1e9

Analysis

max time kernel
108s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 23:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b975dc9d8601a50dfb199390e3122e749dce3f827d74f3cdf0a1d4c28bce1e9.exe
Size

10.0MB
MD5

9211bc57af25920f0424cc645d8ff0d1
SHA1

d36b77948c5fb216aaefeaa8dc222d3867d50357
SHA256

0b975dc9d8601a50dfb199390e3122e749dce3f827d74f3cdf0a1d4c28bce1e9
SHA512

591506c95309e52b2772dde60e53510f758188fd29569ec570fe8629fbeddd65d89c0e3f58fb272593ac04cc3c8ecc57366645f271567d9f719152828700e35d
SSDEEP

196608:SuS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:SuRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0b975dc9d8601a50dfb199390e3122e749dce3f827d74f3cdf0a1d4c28bce1e9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3152	0b975dc9d8601a50dfb199390e3122e749dce3f827d74f3cdf0a1d4c28bce1e9.exe

C:\Users\Admin\AppData\Local\Temp\0b975dc9d8601a50dfb199390e3122e749dce3f827d74f3cdf0a1d4c28bce1e9.exe
"C:\Users\Admin\AppData\Local\Temp\0b975dc9d8601a50dfb199390e3122e749dce3f827d74f3cdf0a1d4c28bce1e9.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
b16e9167870e052ed0991268cf56a13b

SHA1
4bd661fa66a89c974e8faf20ca15bc131d5cdd77

SHA256
17084d4f373cfd923277fe1edfe30e9bc81ab333daf459b3d9bbcd87b86cac9f

SHA512
3e8a7141c519762c2da615d8c959b166dc76cbbaa6630a686a420684168cb36a229c7d85c77c564bb828368cb6e9013a31f834ee1a8bc72adb055442d8d540e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
1792ad479f3274f6e1cfef979a64d42b

SHA1
669a37ff0f952b7ab580d73f54d130f1185091be

SHA256
62145ee850bdef7255eef4f9ce3984f1a8d8707904830973e930503c05bb0243

SHA512
b328b9ac4558cfe6e0cd13d9ad7e486150da55140ffdadcafc924d4adab7692436c8b5dc5563749b54f3b2379b02eac912926d91ac0e7134225f16b57a125ff9

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
242677a5ba637c19144bf600e434ec2b

SHA1
0c6a2467dfbdfa1d1ea4d4932c3989789020320a

SHA256
265bc61da8af68cbb0f2af421e45a71ac0cb1675ad9c1151d44b263f5c598512

SHA512
2598e353119bd79a2ffd1d2ec2bcc0ce073a20999d2128f7aa246a7580a1a9c6ec90ccec21635c804418049995d8cc2850eabda58aba1afa6c677badb905e6b6

Download Submit