bf11029f54e690c1324467c544612ef0ebc519e67899657b70f104b38c0bb12d

Analysis

max time kernel
118s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-10-2024 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf11029f54e690c1324467c544612ef0ebc519e67899657b70f104b38c0bb12d.exe
Size

11.0MB
MD5

d887950e7549d88a293ce3fc5e077737
SHA1

d2f78ee3c4948c364b09d06c8e03e58f3f20146d
SHA256

bf11029f54e690c1324467c544612ef0ebc519e67899657b70f104b38c0bb12d
SHA512

628f5075ca9b501e502f0d26eae2c49c6e414d29d06074e0a8155109f252703f832b1ee16b5ffdeab0aadd937d5cfed3b5d25f3ac03614af536589d9020da478
SSDEEP

196608:5lAWWOUJYS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:56WtUJYRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bf11029f54e690c1324467c544612ef0ebc519e67899657b70f104b38c0bb12d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2676	bf11029f54e690c1324467c544612ef0ebc519e67899657b70f104b38c0bb12d.exe

C:\Users\Admin\AppData\Local\Temp\bf11029f54e690c1324467c544612ef0ebc519e67899657b70f104b38c0bb12d.exe
"C:\Users\Admin\AppData\Local\Temp\bf11029f54e690c1324467c544612ef0ebc519e67899657b70f104b38c0bb12d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
e02a26a5bf1da76252659e5ee0cf45d1

SHA1
aa3e7c7c533c6bd49d0a2cf60cf49e1fb2051ca8

SHA256
58fcab5be20b35e75b773cc748f3abc860e884d03a955f40f421587e2dc93827

SHA512
3d42bca2ffce8995db4a32a3348e2d6eb1dde9cb1cc22432b094acc970ed1a26eecc18265a4547685a68f41bc38ba08f7dfaf00bc12eb294b4810583c22b5e03

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
3e470bb78bc41bb65ad89be70777c0a8

SHA1
b91c16a29612bd71254e567e4fbc150d4ca08e37

SHA256
46d2ade579b2e0d68d5e895f6cb89cff2d45611486522ccb06c75c4daceb2c38

SHA512
11b09f03a9446b45d2b05eea9e223b3a08e38f866dba49239e6a4f4d5179fa18bc4c900ed82b659113c4d5d01a356676d5fcbb6639c9aed135680ada314b578e

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
cbb321ea71ef14ad764766f0e2829c43

SHA1
b4dfde995545d4b604d1cb9a59f005504b9a6e63

SHA256
a1a0695ceac2fc170c7a236c03ffd2972942471ab963bdae1188ec3226b28c59

SHA512
54999821320a9541080d4edf416f1df31f7dbf6d307ccecf8e3d24cf997f02b6c65c1a169f14e71af16910a93127c16d001d1cd55d7008d1fb198d1f2483631f

Download Submit