ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6

Analysis

max time kernel
91s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
Size

9.6MB
MD5

e80369709da8ca5c3ad3c005f700d004
SHA1

c41017769043d172e74b60813f799110fc8e8933
SHA256

ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6
SHA512

eaa691c33cf8247bcb362f1bd8f6c5769cb3e2f43eb0ce5b61d75b42679ed366a3c8589cfb7208403ed47772c2211f73acbf3433f361f9eb0caca625a4f10b7a
SSDEEP

98304:jUbzNQaG3nynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vVGyWWyfJpr8B:eaSSJ7PbDdh0HtQba8z1sjzkAilU4I4

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2528	ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe

C:\Users\Admin\AppData\Local\Temp\ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
"C:\Users\Admin\AppData\Local\Temp\ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
d6c14cddbd4146cbd3f5126e5f47a44a

SHA1
645b7e6e6856b7a4a4370ad53724b3c53163fada

SHA256
4a2d31513bce021a1c02c93300453d2868cffc50441d1c96ff4fe2dbed192f7b

SHA512
015cdf0cc2db9794904269d9f8ce74a449733fef90d81a3852d68ea29b07506b0ddbf48bdbbd6103ec6e892629658af3f33b3771be35a0d216535e1650f9e975

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
a8b427e51fef3aacd9fdcd6866129dd1

SHA1
2f7f40341393f37be27959e6def0eae3481f4c8d

SHA256
80adeec1f061cea31104872b9bb1b864379cd104c16771a80eb258db0ba51c5d

SHA512
2cfee7a7cc825ecedc427ee18ce2327950209af29ae89996ada029878c8f0b10b7f82c6c8499d649c82082245dc46b86dca25f6a882dd0e45279af39592c890c

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
1f82700a580b2aae6529c52293449f06

SHA1
da0456454b2abba2a45e445c343e29db0038e74d

SHA256
d9b094d57db7d8376584c8f92e2afbd1915fa59d04640447a3a6705b32c16a8d

SHA512
d873535e2abf6370aa96d99b59cd06749227ec3ed037cd6cd8a1b5b5a01aa111de4c20cf1b32c71e7f1af972fa435673b55d6f9259fda845ac87a16ac96f390b

Download Submit