26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9

Analysis

max time kernel
127s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 16:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe
Size

11.0MB
MD5

89fef2fe32dbea95a13ff78e463c643b
SHA1

2ffbcac9459e8c893e1e386b5a2d8b7e8a1ade60
SHA256

26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9
SHA512

6f3d786d0a0520ad8e01b7354e36d67f58a15911409928ae5a1a2fe32099fe0e58a2b23122d1dc334611766b9a59e87cb39fca1ec4bf5a14250d07561ff5d8f3
SSDEEP

196608:5lAWWOUJYS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:56WtUJYRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1008	26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe

C:\Users\Admin\AppData\Local\Temp\26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe
"C:\Users\Admin\AppData\Local\Temp\26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1996,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=3756 /prefetch:8
1⤵
PID:4200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
f4e537fa4750c1baebd8c8273b641161

SHA1
e8fb1d0410180261d9c1bf295b4ec87f47559726

SHA256
b86f13dd15569f573367f80bc2f094a1fc94d09dbc79135762b36827128f8bfe

SHA512
cf3fe7f899244db905ad0dd168b75f598e052a6500203ba9abe46af2c625a984ddb3000332a0d05c379796a3c369ce61c1a34c6c8bc653cc5ba13a0ff5d236b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
608344c0474efa647d008d17f16027ee

SHA1
3c1432a1ee2caa7a101b4f32450580c127fe4907

SHA256
48069eedbda00d9f9b41412b4975e8802fb30d7d5415756e040c17216d708e37

SHA512
0cd1275e59a76cb9e58fbe318ad0b8ed7e9de8601e81ab87205a8cb1fa226b3478f655e41e807e7743b4276ebe97ae5e90b64bf1cb206c0a7fc4de34a431cc26

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
3156788f45c1dda5dc59d8e043be5adc

SHA1
481f7f6e70c71ae79916974579bca08a843a5680

SHA256
e5ab9447f28fb7d83bf01aecde646eb62bff0a780b80f9c088edeef2282ac19b

SHA512
60aad6abee50105e2a053053f1636a56dee4e45a5436ecd8edba49120c50707e3ffccae4d405f6688b2c4b4b900c5654956c83698a026c055278e158787353d5

Download Submit