c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954

Analysis

max time kernel
100s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe
Size

10.0MB
MD5

77b755b6a44da36b67c9927e871e07be
SHA1

f6c37acf4d86da089146826a671a543786e6ff2d
SHA256

c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954
SHA512

669764f86ea6de6f52859204a2682916c6af7f212199866530f292f0911d490b5eaec501a2f5a6ad30057c085d3dc8aa5589eec4622803d19361c9bf9050cd45
SSDEEP

196608:n4NS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:nmRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2748	c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe

C:\Users\Admin\AppData\Local\Temp\c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe
"C:\Users\Admin\AppData\Local\Temp\c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
a71ad70be370325211f548a4a452f4e0

SHA1
5d0a699eeefc50099cd9ec9f87d6f5b96d0aaa0a

SHA256
318c17a15155e7a8887e33d16a2167c89089da3d19abac812ba5879648062026

SHA512
5549ca7aa86c870909b4f5a59fda34bd709bdd85a9d950d26d8b00c70d8cffffb941b9147443f018e5f9d6e49c857077b6261de6b028934b3268ec115daaf129

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
2124a56599f8abd919e56846543d5339

SHA1
1af81bacfd9e009026602b26877c9b36e7b4e527

SHA256
716b630b45600f0e0b282f56ca9780f19ce32689cb4d37667f307c6832274808

SHA512
6edb11740413c01b232b950e6231ac994edf26a6b76e632a2fb496977ca5150deeebc35ae978cc9de2177c0d2f90999c971b365a4250e44ebddd5b5611b56f5a

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
15b91557fb70cd1bac8827dc848eb4a9

SHA1
12f4fd8090d942c9a4dbd16e508f62353cbdcdd0

SHA256
e0c585de90d9f87943f589a12d6596ef9d4cdcae2a7dd764f8852518e522ad67

SHA512
9fe9f5b16368945e507aaaeb8e4c38111b6ad9aee034946bd419719648bc291f0f01454614edf9af48b3e130e853fb622e0c8625c096ddc1afb58fabc97640f0

Download Submit