f4cb53a1266dbd95d92d72c1dfadfab80530ea4c0a506d86f8517a5b0d79c4f1

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4cb53a1266dbd95d92d72c1dfadfab80530ea4c0a506d86f8517a5b0d79c4f1.exe
Size

11.0MB
MD5

8274d296ab0881aa111582cd600f7db4
SHA1

64830540654ab046cc7924c57bdfd95d24a1d6d9
SHA256

f4cb53a1266dbd95d92d72c1dfadfab80530ea4c0a506d86f8517a5b0d79c4f1
SHA512

d180b4da05c9fdd25029639b5018e1225b902327c71223e6afd7d9984eb9f99249f5fa6c111c260813c204f066e93551f7c3047f0858228368dfe61cb69b6095
SSDEEP

196608:J1WWWNNAsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:J1WdAsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f4cb53a1266dbd95d92d72c1dfadfab80530ea4c0a506d86f8517a5b0d79c4f1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4456	f4cb53a1266dbd95d92d72c1dfadfab80530ea4c0a506d86f8517a5b0d79c4f1.exe

C:\Users\Admin\AppData\Local\Temp\f4cb53a1266dbd95d92d72c1dfadfab80530ea4c0a506d86f8517a5b0d79c4f1.exe
"C:\Users\Admin\AppData\Local\Temp\f4cb53a1266dbd95d92d72c1dfadfab80530ea4c0a506d86f8517a5b0d79c4f1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
cdae2d9d3db26159431accb9f5777bcb

SHA1
e68ea08bdfc6794ce5dd5c90766c8afd7fca37ec

SHA256
1eb065260a526133237ea6d37e3c927dc20e7e5e78f814f99a667659f890ad70

SHA512
16befd0aad316a8ca79a1a40ec17646badf54e4639d31daced229b56bcd2d70c7d1a38f77319ab80cb5d38d40090d5d2960b702c4c62f36fc32bb84e355922f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
3df35374c571ed0a8d7d9bddfcd7a086

SHA1
f01ecca5c43bb177e66f1c1115b101332d9be0e2

SHA256
17bf4bc398a22f945036016c6886117af02e3f5918e1e9d27a4a9cf28ac23a0f

SHA512
06b12617a56a6c75794b8824d62f0b4b87c88b9bd9729de7b18f0e0dcbad37572a168e7da6613f43b70410ff7295dc925d5e53b4ae90fbd44a8aec0da152e7ee

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
ed223400ac24296fca94999eb9fd9a13

SHA1
a4074704100f80f06af1e734057cba4e81cf47ad

SHA256
d8a70cb351f1d1b2632479391c7fed84441798243261e6f08edd8966e60a65db

SHA512
a59789862ed21601c2723fadbdcfe680fd85cc63334d6e555e33b545e93c8181545f81430a5bb267515ee9e347b1e394e850c28aa8244e1ee53e5914329fd242

Download Submit