5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe
Size

11.0MB
MD5

91705b782187c2f8214c2f035d19da07
SHA1

221fec744db1dc0543990008a5e3c90a233bbe64
SHA256

5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe
SHA512

fc3478710d4ec7197da1afcb63102f3d1533cf45a0ca7576a34c3759dc63490812dfb1bebe873992420670979ad0a4585cd9d79d1d08b7c62cffb19a3bb8c33a
SSDEEP

196608:5lAWWOUJYS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:56WtUJYRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1076	5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe

C:\Users\Admin\AppData\Local\Temp\5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe
"C:\Users\Admin\AppData\Local\Temp\5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
ae3bbb8f9244ed1b3e1a7e58e8ea9191

SHA1
9a0e0f393d4ba56fc523f8cb9d863c26311df325

SHA256
7513539871061dc32ca33ce458e58756308b2f2466d35940ad7053cbcc910209

SHA512
24a28a438c9b64087b04e7179a9528fb9fd02d66e9f6e5307941647545523e261288cd2a524b9b0c3b393b4da4d596d7adcd6cf1feceb589e399f0299d370ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
71dffb4c02688deee56f5752e49a84ab

SHA1
4adffb0cd489881908a0174716768fee9e231477

SHA256
8715479f4325a8b322f6375061f4d91c7e734132933800af87757d00aa4212c7

SHA512
810e4e45fd409290dc1c1474385c01ba62789838a2bae9126864b22a6767e560edb1ca3050c35e8efdba4df58dcb1e287189b72c7cd7171cf2caccbccface2bd

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
5e9d753cbb383c81ddf9024d60f273d9

SHA1
0f4a8ccd013201ff8651d9d185354bade803dae5

SHA256
b5cb0eb008b1d8c951b9207c3ba24df5fe381e08c730a06372d984ec68da38b2

SHA512
750b0abd3a03ca069655ec2409688f3dbf8e1683e6bebda6ee81a2813089b485406ec1c32107c1ecc57d84dc75b225039d8d356c026ec2ccd67f64d208daafd3

Download Submit