5ddae4cd256a2588ccd2cc21cf35ca2f4e2f18e86119ebafe1afd5f4f6a48514

Analysis

max time kernel
94s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 01:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5ddae4cd256a2588ccd2cc21cf35ca2f4e2f18e86119ebafe1afd5f4f6a48514.exe
Size

11.0MB
MD5

7fd482e7d6fcd3d1b4aaa16abb5d488f
SHA1

c190c5d60f9ac030d85a2d30e5430b0d2677182a
SHA256

5ddae4cd256a2588ccd2cc21cf35ca2f4e2f18e86119ebafe1afd5f4f6a48514
SHA512

4b9184621ac76d55d12c1b493f1010b7a87372e078beca25f35d32eb768e62983d7198895afb6ea227400ce68ab2ff4c508afdebf91581eb6e00c33a65a25120
SSDEEP

196608:tEKnmodr76S0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:tNRdCRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5ddae4cd256a2588ccd2cc21cf35ca2f4e2f18e86119ebafe1afd5f4f6a48514.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4704	5ddae4cd256a2588ccd2cc21cf35ca2f4e2f18e86119ebafe1afd5f4f6a48514.exe

C:\Users\Admin\AppData\Local\Temp\5ddae4cd256a2588ccd2cc21cf35ca2f4e2f18e86119ebafe1afd5f4f6a48514.exe
"C:\Users\Admin\AppData\Local\Temp\5ddae4cd256a2588ccd2cc21cf35ca2f4e2f18e86119ebafe1afd5f4f6a48514.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
7b236f2651ab8c2aa2a7a75e9ebe7d71

SHA1
7e01ab10867fe9d4deea59f42aeccd90a42c645c

SHA256
038db0d998e71f630ec2fe9ebaf69e08db687af911adec943859564c149f4a1c

SHA512
286fe22f2832621090a6df7d11d59e6a5d2156f727206ac37b0cd756101ae3582c41d0499381124e226344429fdaf966ac1f5a37d4fe493d678800578ab6a852

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
c2fa47d3066d0cdbd5abf758a7966ba3

SHA1
0c3c44533aaaa7577f4df8a0dc8ae94791529735

SHA256
557f4c2e949feb182e298b6da977365316716746aa6dbbc1b4aebce0f28e19cf

SHA512
89988f15ed060d5aad20ffb53ab4d145b520d4b8fef6a43e404e42fc3a0e332a62d5d8ed6e29cafd110acf7bc3092f091bd5d5ad9bd5de3f7b03aa5be245208c

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
f271df110e04d71c6efe011cd4abcf97

SHA1
f5050e4dc111fd38ecb0befe1fb0a288f9be2dfb

SHA256
cada58d264d9004650818a6fd6571606209fae0114c82e2f55a8a61e6d23c3c5

SHA512
ac3d88502eb4a25dca218539bd4c47628edaaf524e51d4c6a8ec4bfb52b5075741cb591fc8e55288d6ef11b4197800edd67704574e660c63f3cb1c44029b847e

Download Submit