f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe
Size

11.3MB
MD5

522df9b19110f16263a5bf219eeab1d1
SHA1

28805feefebd179c74b4ee471021bcf68a75e25c
SHA256

f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9
SHA512

1ff15a187d723eca661306c45ef3798ac33427dc5e5b242af54f58ff7d2e4c986159027541488dd2648f2ba9ca4a7af33d9f294e6d82b6790e9fec1efa2e9447
SSDEEP

196608:RXFGPpySVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:RXVuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3952	f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe

C:\Users\Admin\AppData\Local\Temp\f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe
"C:\Users\Admin\AppData\Local\Temp\f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
294c54d81d770993349e47d5b52f763d

SHA1
971d0cc9608f0adc15f776fde45bbc3aa51eac27

SHA256
b8179489c8d40e855b8e1a639065b51540d17c7e6b7f50aac24d4e470fd9b385

SHA512
dbf4d2b576b874e90ae63720c3aded964003d7c2d3486740a1cad89e7bd29c26a64639c30b0920b0abaf12dfa45273e837a8ba432b4922b216f02664abddf3d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
1bba13ae5b8dc97024964c4ccc5a62a4

SHA1
22baf71e08e68836dd1ea8373b463e12c3060755

SHA256
b939e0015853964a7845e0479e9b7313cd8bf72b856aff2c78f2f3189b5d3656

SHA512
887417b308169281b1ae2050fcbcc052220ab9a058f5bf8dcdc1237026524124b4d17b57d848433dfb25487bb5595742397fa77571551abc721eaf18e39ddec7

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
40a19c36c0cc7043b3c1c2c390894d1b

SHA1
dd3ed060bb4537d5277272a9e4234db80a8aa7f5

SHA256
7ccd905068506b785b3249fccb4e35f1d5ab2673a102dacc89a65e0541745c89

SHA512
43589a52d0ec3e174bd171fb0c5d8a38feeb15985c8783e4ec3e6bbca30face8022739f3a9d912bfb0b978b9927c87283584c9db659013ba5343b334693ef8bd

Download Submit