e26b5bbaad8a5def9207c0cf75e54906ba5ee5f7931df28379a9f7a2761e1630

Analysis

max time kernel
128s
max time network
142s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e26b5bbaad8a5def9207c0cf75e54906ba5ee5f7931df28379a9f7a2761e1630.exe
Size

10.3MB
MD5

fc69c63c62bae77a4dc10e6a79f0ecdd
SHA1

749b5051ea1be025bd73fa6a5658feec08896c0b
SHA256

e26b5bbaad8a5def9207c0cf75e54906ba5ee5f7931df28379a9f7a2761e1630
SHA512

b7f052cb9c79df6670aa0f3177032647f69c23a4064876b35235dcc18abeada45f23e9306e87ce5c0ac9b1508196a88729499c16bb2d159245632b70530d76c0
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e26b5bbaad8a5def9207c0cf75e54906ba5ee5f7931df28379a9f7a2761e1630.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
588	e26b5bbaad8a5def9207c0cf75e54906ba5ee5f7931df28379a9f7a2761e1630.exe

C:\Users\Admin\AppData\Local\Temp\e26b5bbaad8a5def9207c0cf75e54906ba5ee5f7931df28379a9f7a2761e1630.exe
"C:\Users\Admin\AppData\Local\Temp\e26b5bbaad8a5def9207c0cf75e54906ba5ee5f7931df28379a9f7a2761e1630.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
86a7115d9660968fc597e5f1d48f5fda

SHA1
cfbea1c5c86b352e4c6005d0432bec6da4c2eb9e

SHA256
0976bda1798540271c875fba990fddaf7ba71f0f5470d70a35ceb386f7101733

SHA512
47211598ad8702c0b9822d84493b2b97367c467b156909d3acf7ee75e89a3be37bbc82e22617d7c6421a9a80caa189402fcf98cdcdc1c451567737a4f9c68e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
8f6dc9450d0e84f884320086f503c5d2

SHA1
1695bdb77b12252bef8bc3980e2be40f84bf79e7

SHA256
2e7bd0b69cb2f16ce5e5c7eddd60697e30d18fc3e475c55fcacf4d02ca11b08a

SHA512
b3c721d5322862741165cce3ac9293708910c5dff158572ed64c7eba238ba8029657fca7f7b931ebae5a5b99290da8539bf6577028710a4cd29901a06070b64a

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
f8ee409b390b21b16a7a3966834f9c81

SHA1
dd99951e4c3f91d6e4766c0bd40d042b7c8ff5ee

SHA256
bf7c5d0b365eb336e73545ee21d4bd8c5fd914e429eddba666150c20f50313cc

SHA512
7b6edd849d479650f795967e0b8ca0d588f40dc9aa7ae815fe147caec26fc69fd6c0737267a1cb26910a1cae227fd2867a7b906934101e952fa72af6a612c9f7

Download Submit