d12b4187a51213ac84b836741873e4ce67b6ddcd173b528bc848b5f629b9dac4

Analysis

max time kernel
95s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d12b4187a51213ac84b836741873e4ce67b6ddcd173b528bc848b5f629b9dac4.exe
Size

11.0MB
MD5

6a0d0f27b978897de133f8adb24903c9
SHA1

4c1c1869827ba6c5d791eac5d6f9f2a91169634d
SHA256

d12b4187a51213ac84b836741873e4ce67b6ddcd173b528bc848b5f629b9dac4
SHA512

85a4ef755284d2480f06214dab1c5c8c2452caf284983956c206a276f334385c78810f8c4fc03ed5a5f8a2aef59323959ae9d03af61903abdd9711918a50c3e4
SSDEEP

196608:5lAWWOUJYS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:56WtUJYRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d12b4187a51213ac84b836741873e4ce67b6ddcd173b528bc848b5f629b9dac4.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3448	d12b4187a51213ac84b836741873e4ce67b6ddcd173b528bc848b5f629b9dac4.exe

C:\Users\Admin\AppData\Local\Temp\d12b4187a51213ac84b836741873e4ce67b6ddcd173b528bc848b5f629b9dac4.exe
"C:\Users\Admin\AppData\Local\Temp\d12b4187a51213ac84b836741873e4ce67b6ddcd173b528bc848b5f629b9dac4.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
f47c698bf10031358a6231e90b69c8d7

SHA1
6d77b472b82d0da40a98235e5accfec397a8286d

SHA256
a9490673b8a48d7c8a2e092efed7606a3ef78fd8ac409721c0401e1d011809aa

SHA512
9832105b079dacd9fd321021983b8cd316904953661f5ebc1c49f6481cfa0b760d0b8517015fa16295cea4e488c7561157fc07e0bf2bc64ca08033bc2ed09fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
72abeeededfd058535888781fc3cee24

SHA1
2148ab5419ce266e85bff18c69eea6e552773ef8

SHA256
0857df128bcf6f4d9205769e3b9b083e43f8e06799704baf256be8dd2db7ffe6

SHA512
47b2dbf6c0cc2fb9def072dca892731dfc2664f0081ec3f553f7e1e4c4ab9af124d1aa1d836c7e60e80b1dc654e1ef2902749056cc269ab510d34aabdf7c3164

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
a0d81b2a60ed9d06eb1f5de03cc77532

SHA1
8b4007351a074ef316f0427098b4605f46eb9059

SHA256
8c5b4d4dbbf75270577c201e65c642d28668b01b9f94a4f02bc18d6b6fc48a65

SHA512
28b09c6668ae9e0faf97635a478bd0f4160080f864617fb030b2cf8eb419462c799cec7008e36f42022a74cbcf9a0aac339ab6403f6d97b5b4fcb0fd146af5c9

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
1d4831608d8d5ca354a527f6674a807b

SHA1
648686801d9e8b709c2404490456a3c0453ec2f6

SHA256
0f153060105480a9ece784ce4a6f45696b4191b09322da8b4b70a4c6433d25b4

SHA512
ce1613eefa70407b34c4bc7dc2181cedffb7274850d8f081f20e6d56d819196f8622f312b0d15e25c9461d01dd7e54476081300adc58a0346d741e47c3947fd2

Download Submit