39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe
Size

10.3MB
MD5

18202dfb8ee4bd515268a34c040bfd50
SHA1

6fc24510c610109daf7872d147e0fb7f41eba446
SHA256

39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3
SHA512

e42031dd2530831d7d4e23bb904cd47cf34766a1693bd85bd3a57309adb790e344469dc5b4893039b6abbe4ee2da3a6323a99119ade4c172fe2320cfdef3b47a
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1376	39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe

C:\Users\Admin\AppData\Local\Temp\39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe
"C:\Users\Admin\AppData\Local\Temp\39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
228eb9e7a8153497adf96fcba01cbc96

SHA1
5a0a712a6113a61dc09197ee530e97984b633c9d

SHA256
f20a5525afc95f6860486a0783ac976871ab95a873e652117e91ef72a02dd495

SHA512
6ebfca6fd4a7a1aa027b971e894f9913c837fe995feec2cba1201c3dd6c945e3320d46fe694ee70bbb50a3846fb1e5bf39ab4424a4237d12f11ae452a4248e14

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
ad2cb48670f3d0acecc1b0ee39827e50

SHA1
68cda1c979fe5c7475cda9ea5e362f9acdaad719

SHA256
00ef25d3e7bb77b79d5feb43fd56091b11b3679c26e280fb4775d019b1743794

SHA512
7541e61f869b5cdd8cf9d6ffe910456a36840f3748611032073920def8266a3fc98e6ba584784a4675263658f9a231499997ccdae20b43adabaf5362734f18cc

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2e1f2432063e7d94389eca14269e95ab

SHA1
57f77c326ef918a0248c35547ab2c8770ee7bcb4

SHA256
378cac822ca546458ad07e06257a3ca4d390d87b9bc6a6a2e3b9ac4e7730f20a

SHA512
bba9a7c0fb5f7b139516261167847aa55f13c4b753f051a02ea256098afeaa11fd5b5ff32f043a2130a152dc0db3eeda6caa9bd2572aee42e51caea9008804ee

Download Submit