60b72ab78a1736a15a1cf0463ec561c1392969ff1bc5b395a624f06e312e7c8e

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60b72ab78a1736a15a1cf0463ec561c1392969ff1bc5b395a624f06e312e7c8e.exe
Size

10.0MB
MD5

694e96a74fd5ef6ead4abb5d40acd3a5
SHA1

4de95af219037b7badf512427f8477edd646344b
SHA256

60b72ab78a1736a15a1cf0463ec561c1392969ff1bc5b395a624f06e312e7c8e
SHA512

2ce1e8f6e8549e3bda4c575fe0394c6bcd9bf18a97774b48d12473a9bc270d4dea180320f1ff2d9287476fbbf86ee1201611a4b187ee340673c03dee10192e03
SSDEEP

196608:4eoS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:4eoRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	60b72ab78a1736a15a1cf0463ec561c1392969ff1bc5b395a624f06e312e7c8e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3020	60b72ab78a1736a15a1cf0463ec561c1392969ff1bc5b395a624f06e312e7c8e.exe

C:\Users\Admin\AppData\Local\Temp\60b72ab78a1736a15a1cf0463ec561c1392969ff1bc5b395a624f06e312e7c8e.exe
"C:\Users\Admin\AppData\Local\Temp\60b72ab78a1736a15a1cf0463ec561c1392969ff1bc5b395a624f06e312e7c8e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
8b65ce2989094fef84f396e04701d2b9

SHA1
98353115141f62d70f78e672a0a9c386da2ae50f

SHA256
db080f62e7fd0c7f468d64559312b65b600eb86604805785b6a8034c2d923367

SHA512
4f19fdee921edc3c63401918ccd1d683d13727d71a4236fc855e7cf4ac57be06d2fb084b451d40249e7ad743606bfc5d64d8b23c6a40a7b25f95aae8e18856f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
17a1d9ce89a16ba297d1454ee278eb54

SHA1
8b89e4d8175cad157da856acbf307b4b12e9b535

SHA256
0ec2435cead62cad7972485f57284ee473eeb02511a130fc79c4dd146ba867d3

SHA512
0fb4f7f965f2417a4857947132e06de936f0d8e11d1cbd20c17ee13bba079928db756e47c105adcc5283669d854e9df366cb0e177f00969aa61f4496c6e61a8e

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
0991d3bb84dc167565b67c0d0aa6f2e9

SHA1
92360fec452e9018518785941143da5f0e1e84a3

SHA256
384338212e43ff358fcfe51300fcd3c3cb1581a276cb64709cba83395c5f88ce

SHA512
cfbf9ed0c0f8eb2e7a80f6a4f58a95d6d1215958ff5c59a2865953cc3fd91a97adcef3306fce0b625d976c23df8bdb899358399fdd1ca0e2201f8a331487cbb4

Download Submit