59aca7e3f10a2744f344cd19d2cdbc79e89b24a3180d156c4c33e2d8ba2bf6af

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 17:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

59aca7e3f10a2744f344cd19d2cdbc79e89b24a3180d156c4c33e2d8ba2bf6af.exe
Size

10.3MB
MD5

51806fe96ca95870cd1b304895fb3316
SHA1

829afd0a97751ee64bfc4bc5457b0dfe9ac136be
SHA256

59aca7e3f10a2744f344cd19d2cdbc79e89b24a3180d156c4c33e2d8ba2bf6af
SHA512

cfa3b8502d71f789ceb491db1ad21ef41e298ade19016f47fd100ea97212bcb2aff1ae3573629647dd4cc67d069a0c07a76ba2c18cc9b076678a205cf9640fd2
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	59aca7e3f10a2744f344cd19d2cdbc79e89b24a3180d156c4c33e2d8ba2bf6af.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1572	59aca7e3f10a2744f344cd19d2cdbc79e89b24a3180d156c4c33e2d8ba2bf6af.exe

C:\Users\Admin\AppData\Local\Temp\59aca7e3f10a2744f344cd19d2cdbc79e89b24a3180d156c4c33e2d8ba2bf6af.exe
"C:\Users\Admin\AppData\Local\Temp\59aca7e3f10a2744f344cd19d2cdbc79e89b24a3180d156c4c33e2d8ba2bf6af.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
8152c526a3e430e52580122c6a17d1e6

SHA1
1316873bd797994e4df763658440028d59655e56

SHA256
6125093bae1fb4cae290d34fe9b367330fa9c6c90fe270c2559629bf7caa2f46

SHA512
50b07152b0ef6a52bf13e74d0bd313483eb0a6730b75bd46434bbf15f3c971621887b9ce9143a23fa2a9c462b1e186a3b74282794b8cf112ce79ceeb4390cf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
040902cf61a56b9195dfabe8c670370e

SHA1
21b21389612c1e161f4fc5d2dc3515de764e3f27

SHA256
f19e656eb1a8ffa035eb3db11a8fbdc8a1e7ccc2be90096cb05e922f4d6145d5

SHA512
60fdb3333a7df189b503e799b716fb365e554256dd81949ee550d03518ddd066aef0688ed2f8d67afe81c0de06a2a793770b60335ac3e1d90cbb4e2e71fce33c

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
f43c7c3fe77ecc321cf79d15b1ee9543

SHA1
4602368a4cfb37c0ef6f0da45044793d8208d53b

SHA256
eb543fb6fcf364f81838cdd24e9fb3fad6e03d4d06c95c46b4ca4426d3cf1588

SHA512
0fb1be33161afc98764cb25c1e4b719c4d25fe2ac3e5ee940add5d1afc583cc975f8c055a4fdaf0acf93c55a04a140c7b6ba0b202abb527190bba1c4a8ce481c

Download Submit