Analysis

  • max time kernel
    92s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-10-2024 07:11

General

  • Target

    18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76.exe

  • Size

    10.0MB

  • MD5

    042deda426d2c711aa38a0f73c2599b7

  • SHA1

    c3afbb7a76eeca435fd38ef7bd7e5d49d89de48d

  • SHA256

    18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76

  • SHA512

    15196e1e0b3bd2130e7219153e63b6a1ad2c674785863a268e8716e0d0a03182b8f336c23450c40ba91b08dbc19ce34e30118971237f1f931da139f73fbdc2bd

  • SSDEEP

    196608:arS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:arRrDjtLKkOa8ps6puAktIz

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host (MITRE ATT&CK T1614.001). Installers that localise their UI trigger this signature as well, so on its own it is a weak indicator.

  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76.exe
    "C:\Users\Admin\AppData\Local\Temp\18cafcce0a0a953f256a79848c8ffc7ad85894b726647e9a502f1f25125c8d76.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:3000

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log

    Filesize

    6KB

    MD5

    ec094c922ee94fb6a575dfc9695e8d88

    SHA1

    a5b38fac7a43071a63b15c4cfff5449cbe1a38fc

    SHA256

    b970570cd61769e0cc60dba62bb5e6529b5b859e1424d8b14f12dc5de8af3563

    SHA512

    51dd9624d60b8c62ae19f46d5768cb0e719e84fc020832f890d54763273921dbec13cb86672904466a4a8f2f1d50ea17dd13bb9fad9c6b638f32b33518dee67f

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log

    Filesize

    7KB

    MD5

    e3177d1acdcc621d5f5a58e56229ca9d

    SHA1

    12acb6047eb2699101035d6aa981a3393d495707

    SHA256

    d1065922d20d0910f2d2d44e9915db7595036ccd062df1e360c5cdc5081f640d

    SHA512

    4c07fa5b05a116760ec75ecf0ca3a1db70ad2d82e4efbee0623a4b21b4d11e7d9cc398f85521102c3bb3fee174c46cef56fbe938fb7263f12d3c643994e9dbf5

  • C:\Users\Admin\AppData\Roaming\Yandex\ui

    Filesize

    38B

    MD5

    09e6a3a48f32e7d0181963c2c0e3c3a3

    SHA1

    55c400cc4a51292baa784753b13ee485728b17c7

    SHA256

    70915d9c8671c5e889f2f5715341012e1bea247d0014149287a4e8b89656308b

    SHA512

    2075a9b6a7755b36d6f8c05c98d38def219509d515d60ea7fad695293caed1172be5bc74d90095bccc8ce7dc73e801b94278805a1d4eb7279dea8dccb4ca52ea
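
The Downloads list above records C:\Users\Admin\AppData\Local\Temp\lite_installer.log twice with different sizes and hashes, which means the sandbox captured the file at two points during the run. The following Python is added here as an example and is not part of the report or the sandbox's own tooling: it parses the report's flattened path/label/value layout into records, flags paths that recur with differing hashes, and checks a file's bytes against the recorded digests. The embedded input is the first two Downloads entries copied from the report (SHA512 omitted to keep it short); the function names are assumptions of this example.

```python
import hashlib
from collections import defaultdict

HASH_LABELS = ("MD5", "SHA1", "SHA256", "SHA512")

# Constructed input: the first two "Downloads" entries from the report above,
# in the flattened "path / label / value" layout the page uses.
REPORT_DOWNLOADS = r"""
  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize
    6KB
    MD5
    ec094c922ee94fb6a575dfc9695e8d88
    SHA1
    a5b38fac7a43071a63b15c4cfff5449cbe1a38fc
    SHA256
    b970570cd61769e0cc60dba62bb5e6529b5b859e1424d8b14f12dc5de8af3563
  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize
    7KB
    MD5
    e3177d1acdcc621d5f5a58e56229ca9d
    SHA1
    12acb6047eb2699101035d6aa981a3393d495707
    SHA256
    d1065922d20d0910f2d2d44e9915db7595036ccd062df1e360c5cdc5081f640d
"""


def parse_downloads(text):
    """Parse the report's flattened Downloads list into one dict per entry.

    A line starting with the bullet opens a new entry whose text is the path;
    the lines that follow alternate between a label (Filesize, MD5, ...) and
    its value. Hash values are lower-cased so comparisons are case-insensitive.
    """
    entries = []
    current = None
    label = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"path": line.lstrip("• ").strip()}
            entries.append(current)
            label = None
        elif current is None:
            continue  # text before the first bullet is not part of an entry
        elif label is None:
            label = line
        else:
            current[label.lower()] = line.lower() if label in HASH_LABELS else line
            label = None
    return entries


def rewritten_paths(entries):
    """Paths listed more than once with differing SHA256 values.

    The sandbox captured the same file at several points in the run, so the
    file was modified after it was first written.
    """
    seen = defaultdict(set)
    for entry in entries:
        seen[entry["path"]].add(entry.get("sha256"))
    return sorted(path for path, hashes in seen.items() if len(hashes) > 1)


def digest(data):
    """All four digests the report records, keyed by lower-cased label."""
    return {name.lower(): getattr(hashlib, name.lower())(data).hexdigest()
            for name in HASH_LABELS}


def match(entries, data):
    """Return the entries whose recorded hashes all agree with `data`.

    Filesize is rounded in the report (6KB, 38B), so it is not compared; a
    candidate file has to agree on every hash the entry actually lists.
    """
    actual = digest(data)
    hits = []
    for entry in entries:
        recorded = {k: v for k, v in entry.items() if k in actual}
        if recorded and all(actual[k] == v for k, v in recorded.items()):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    parsed = parse_downloads(REPORT_DOWNLOADS)
    print(f"{len(parsed)} entries; rewritten during run: {rewritten_paths(parsed)}")
    # A file recovered from a host can be checked with: match(parsed, open(p, "rb").read())
```

Because sizes in the report are rounded, a recovered file is matched on hashes only; an entry that matches on MD5 but not on SHA256 is treated as a non-match, which also guards against a collision on the weaker digest.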