c8b4ff901207f184d6341567a879be294e8607c8eb6bfa4f2b08ae78c7af0aab

Analysis

max time kernel
95s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8b4ff901207f184d6341567a879be294e8607c8eb6bfa4f2b08ae78c7af0aab.exe
Size

11.0MB
MD5

976d9af727f2e5d81ad0fbdde23c9a12
SHA1

c866efa6793e1d34c0cd0e1f02eaada0b78392ea
SHA256

c8b4ff901207f184d6341567a879be294e8607c8eb6bfa4f2b08ae78c7af0aab
SHA512

9e5f604dcc08b3e265d8c002c51e7da4bd3691ac4cff93ecedf6ebeba2cdadf2516fdc9e856db65a53bb87eb94a37c4d25d27b711c3d966737325e67d8847d65
SSDEEP

196608:J1WWWNNAsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:J1WdAsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c8b4ff901207f184d6341567a879be294e8607c8eb6bfa4f2b08ae78c7af0aab.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2188	c8b4ff901207f184d6341567a879be294e8607c8eb6bfa4f2b08ae78c7af0aab.exe

C:\Users\Admin\AppData\Local\Temp\c8b4ff901207f184d6341567a879be294e8607c8eb6bfa4f2b08ae78c7af0aab.exe
"C:\Users\Admin\AppData\Local\Temp\c8b4ff901207f184d6341567a879be294e8607c8eb6bfa4f2b08ae78c7af0aab.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
eea28bcd677642405585c31c6a30cd29

SHA1
eb35b191724610dee8fe03f42a10faf581224be1

SHA256
423cd3585cf1aa5712c12ec655c5b139311e8ebd8d152eebe7506ef8c18038ec

SHA512
040959bda8d3b53c0fdddc10c07db269517566ea808f8f6dae79af9d4bc9d1453fe43d00d9469b01a924c166d2d324b5e72f3fd150eab396b4a3480a2d11e964

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
12cd995173626e9581618f7211aca69e

SHA1
4c4468379fe922b17e5d5102fbc2ed203d15872f

SHA256
f8d9f98fb0c607619198c1ecacd6ef8d693811f5cda17d010e8f6e703b1bbdb0

SHA512
d0cd046c10c00281b96c5e7024dafddcaa5fdb04006988d350c9b421848ff34b66f8b2030d087a3289898a5b40fde540a38435de1d3de8ddccb39060bab5a686

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
d89f671866bc90d8596e18842041e4eb

SHA1
4f43d025f8a3b69b855d3e7eb19471a369527012

SHA256
aebc8003d826858370eb2e5420f7992c03074ca9124c10d4a0dec6f74ca441a1

SHA512
ce2e36accc29a62d799372ef57e6f5163d2b6553dde66eb0ae6e99cc8264845c03c3ffe11008dd92f4cfaba1f344a6a039ff11ad9e2ec26dbc192212d1943f92

Download Submit