5781e45fbec5fc67dfe0978ce685f5a087bb77cade580cf12be43cfac162c309

Analysis

max time kernel
94s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5781e45fbec5fc67dfe0978ce685f5a087bb77cade580cf12be43cfac162c309.exe
Size

10.6MB
MD5

9a81939146b033fe7dea14548c90aa3c
SHA1

40e2ac55bb9fd925d560a0c1e0ff7d15d017f47c
SHA256

5781e45fbec5fc67dfe0978ce685f5a087bb77cade580cf12be43cfac162c309
SHA512

d917e9ca28f63b32cfb9f14b118dde82400c43c4376f5cfa1d64e201f16d3a530c2dc50957ac22914d4acf6ed157adf09913dbcf0188745c8611e9ff36ee3ef1
SSDEEP

196608:OLhQE1B+jXuS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:yhQE1wSRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5781e45fbec5fc67dfe0978ce685f5a087bb77cade580cf12be43cfac162c309.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3612	5781e45fbec5fc67dfe0978ce685f5a087bb77cade580cf12be43cfac162c309.exe

C:\Users\Admin\AppData\Local\Temp\5781e45fbec5fc67dfe0978ce685f5a087bb77cade580cf12be43cfac162c309.exe
"C:\Users\Admin\AppData\Local\Temp\5781e45fbec5fc67dfe0978ce685f5a087bb77cade580cf12be43cfac162c309.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
713ede3d95214529782eca635083baf1

SHA1
661cb910dcd3d726f11b3fb4a6264cb2f32b90ab

SHA256
677993740063d3a4ba040b435c8fa3808572f22e901be43a014355796befa2ea

SHA512
a9c951a77b7b2988ee07abf3b51ac7c62ab4c8c285030951a0366c0d980b127143f2d4b97433eb07141cce58ab71528dd44a00e428ba0412dd31a7313be8043c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
3d15cfaec248488e63e7d0b86f6d8c16

SHA1
9b09b59bc78269d7ea8cdcc36961f687495a52e0

SHA256
cdd2a3a2d8b8a97eb366ad274e757f40065f243b2052a64e3830911eba8f37da

SHA512
3155163409968611fe1f4111ba9749b98ee05d08be1e18b8c22e5c0f643a049d3988a691b6533f7a6b68fd30daf7f3de70682ebea7a357f9f28e2e7acdc2d0c4

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
1fe5b416b6a9a2638901bdbb0ee34261

SHA1
433c2dec53c57ffcffa9f43b5c4f5a7607e165ba

SHA256
6729a9762d28b242da1d89dad041f62ed78fa20f2f6e51c4ef2283196fda959d

SHA512
f468ef7f4121ea0979a9d15f8754f4e2f82feee9946216051b3700140d89fc99fd717ecbd27bc5e609307e0ee9592a1144dac1a024def4e3eacaa125696220eb

Download Submit