50d1fd15f155d4479b659f6c7ba83853870248c387bfab2849422f2de77869d4

Analysis

max time kernel
92s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50d1fd15f155d4479b659f6c7ba83853870248c387bfab2849422f2de77869d4.exe
Size

10.0MB
MD5

6fad46bf73c9abb36e47e90972eede67
SHA1

d8a03b83ad063825ceab2e92eaa0945bc79bc5a0
SHA256

50d1fd15f155d4479b659f6c7ba83853870248c387bfab2849422f2de77869d4
SHA512

94b8fc5824e6eaaddf2e05172caaf32bdce026d94e0029b9df703e60f21cc4e952b272015f39199420a44e108a2b923a7a36b3825b8c092c06266f1015650c05
SSDEEP

196608:ScS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:ScRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50d1fd15f155d4479b659f6c7ba83853870248c387bfab2849422f2de77869d4.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
436	50d1fd15f155d4479b659f6c7ba83853870248c387bfab2849422f2de77869d4.exe

C:\Users\Admin\AppData\Local\Temp\50d1fd15f155d4479b659f6c7ba83853870248c387bfab2849422f2de77869d4.exe
"C:\Users\Admin\AppData\Local\Temp\50d1fd15f155d4479b659f6c7ba83853870248c387bfab2849422f2de77869d4.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
2c3ff25440b095e8789572246e35dda6

SHA1
07d8339f3c267bbc555fd43db8641e78e97dde27

SHA256
3e58032f230570bb292d6a98dfa9d0d54ce1d7881a0c7654a2b60ffa3feaeaa4

SHA512
44cba27aad17f02e30d75f0dd0d1a458c999359a8b1222ccee41507c8999b0292ca67f05997c9727f71b2dc734a1059c5a573f7e7eb6db66a18ba81ec9465e44

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
1dee2c4a21ab7cda7f414899892f133f

SHA1
4b209945d55005b019247f084d36e92ce0cc42cf

SHA256
7f14084575b78fcc661324278d0819811e5d40ee940d46ace9582e6eb04b99d7

SHA512
9f46cad297e39014c2fe5476d3b765c25379033b4ad393e35118ab3fce6298dbee864dc1644bd32444c1c4faffdd9be3205f3f5abcaebedabe05f3dfb3da6522

Download Submit