a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe
Size

11.0MB
MD5

ff17c23c8ff7ef3330f77b431fcc2846
SHA1

4c0a982537f681f970a48215a5a768ce4d075c35
SHA256

a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7
SHA512

11fed89ca5c0d61b7f94d42d6035f99831d8b107c14c2ff7265df0bec1fb21fe92d1f148a8091d8056072a12696c808fa853905f414b8bc28442ab7d3297aafd
SSDEEP

196608:J1WWWNNAsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:J1WdAsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1476	a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe

C:\Users\Admin\AppData\Local\Temp\a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe
"C:\Users\Admin\AppData\Local\Temp\a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
9c7f13d65f0b002ff5ac62494eb66eea

SHA1
cfe6f2bbac041ac607bc364d787fd64f36d546e5

SHA256
142e4d554b70eaea2d220ee587098bce57e5c970e0bd19edc89e3aa2b69f62c9

SHA512
b14002529c4cb333ab1d238cc2f41bc1ef20f2ddc2a5fb2e8b7b0dbbd7509eab5735decf980ab1f5e3c8cc3983045697b0ab880b6b852e66923a2d322906eec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
5ede927eea4f55b298580091d9299783

SHA1
4b110b11c4cc649c2af8d1c60eb8c316f37823dd

SHA256
020fe2d4b19b3b6c37e86277700ef298bd17051a6d2696e4e5def3acf5cbc566

SHA512
1644c7c96a2137e05f97183b1db790a9afae33613ab8cf9a8bf9cafea145a9b9c85bfd37b00fb0efafc74ec26fbf0bdbd19b6973dae8b77661d7992a640a01dd

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
09661e25ffc5de3718b2e6466178369a

SHA1
4c2e3b2f25347d63bc6a9e7159b2d860b0ee61ea

SHA256
fe8af8da0b02a3cdf356706865ee25874ca0e33339636b943383f46a2bbe0569

SHA512
1e7ea3942e3737882bf14c685f1f39caf5a6b0ce72b6e6d2693134a0da987cbbced09e517ab054c5501176cce7f029f15124ffc2d148ea8b5f39f3ca8de21c87

Download Submit