f7216157a29a6e8409136f334af4495e210ab43567e972d696ff59422fb9f407

Analysis

max time kernel
94s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 20:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f7216157a29a6e8409136f334af4495e210ab43567e972d696ff59422fb9f407.exe
Size

10.0MB
MD5

5912ff4a019f65d69838f4d76c9dcc4f
SHA1

89f44c6fea34f35952dce3d43d8cc6f8bcb1698b
SHA256

f7216157a29a6e8409136f334af4495e210ab43567e972d696ff59422fb9f407
SHA512

7c61df0f98d4aeddd93344714f900996d105f9930d04a2f7adc50b691b07e98811b43aef01a6a3e106ee021b586054fca6b36d07935d91ef5dee90936859f457
SSDEEP

196608:n4NS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:nmRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f7216157a29a6e8409136f334af4495e210ab43567e972d696ff59422fb9f407.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3432	f7216157a29a6e8409136f334af4495e210ab43567e972d696ff59422fb9f407.exe

C:\Users\Admin\AppData\Local\Temp\f7216157a29a6e8409136f334af4495e210ab43567e972d696ff59422fb9f407.exe
"C:\Users\Admin\AppData\Local\Temp\f7216157a29a6e8409136f334af4495e210ab43567e972d696ff59422fb9f407.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
1bbd908060710fcc33a6dce4a12dd672

SHA1
bbac5440fca247a7d1f4e4d86cfbee30eb3de04e

SHA256
a0dc2dffefb0c91fc42eaf2eeaa78e96bb435c506fb98ab89f4db28d04e820b8

SHA512
c452bc23587012030d146dabf8ceefd7dfc40ff5cc23f9a97f1bbcf6202ae59f05faef13553a6f2139bd8f0468573865c5eddc91cfea23b3a78798fdaa31c43a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
782ad4802ea0f334970f6503bd1e0f7b

SHA1
1db27c3be521b62c07d7715cf0ab1af9414e4980

SHA256
d72ef04727c225956e05db2ca101f169449f08089caf2d048214f68f544f82bb

SHA512
09c101a89383189c2f38f6d01fc135362ac4f52f6b82ca037521692b750a8a4ceca1aab6730ae0b52fdf35396f08d3a40e85edaa74b62d4da0d0c52cb25e98a0

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
cf80e648564d97aadad4e35a8f842e2b

SHA1
46bd9c946c731942d2da4a5c51de2373534c4784

SHA256
7fd4c472b3ab160a3161b9049c2daacd7a400f975106f2e657264588e5d0d23c

SHA512
3eafe375b8db290ce107ed50fd0e3ba115af4e8ff705f962f1998a2d76c4d1f3f72aae3d5c9930f38077369a36f3a1f5e76ad439570e53a9704206aed5df3699

Download Submit