4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe
Size

10.3MB
MD5

a8d44fc771b4fd046370ad351b0b1c90
SHA1

9350a25537f747a361ded35cf87805f87b9e780d
SHA256

4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e
SHA512

dfa5c78adf4f00022109981d126eb14c4be5f175b2e530b8492c88dc7ed66ddf58c78402c536fd5a7f2476daaf8e11c32550e94ed4d4ece53cd70a1e1daa1358
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
556	4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe

C:\Users\Admin\AppData\Local\Temp\4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe
"C:\Users\Admin\AppData\Local\Temp\4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
c8ea402c6e8f5cde63667426534f79e5

SHA1
26d16cde4e148f583b691ab9d6164c0398b9f060

SHA256
b7457fa8b0888f80a5fecd2a2268c8d3a508a5901091feea5023caca50efc927

SHA512
3e42fbdc8eed74b19d224aa233be26deb911f6a0eeb8e232832d7d638e1b9a94e62ba33f1cbf5eea1593a41c89ebbb1f39e59fb459ad03a627ec23e497688d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
774dde40efc598f0772bbe93ee06407e

SHA1
fa9559ff270803b78bb441696390491fa47517f9

SHA256
287552a5413b8271d2ce4732cc2038232cf3578041fb34a937b7124bf8dc332c

SHA512
f09c8c9755fd6b2b3315ae4176a3113e451ff24461149fa282c38ee2f017e9f82e57915a25ee07dbb8d6cad4d86fd88f4379190974bbe7d4b32e979713267dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
9dccd7dbbef4a0cd5df06d7cf8bacdfe

SHA1
55ee077f048a2dbc20d3d4f214885bfc33e4cc0b

SHA256
9148d940772f3f8a915d50b3490e5c327e9cb45d135c70205ae48e40e4e9a2d7

SHA512
b5e72f38a06636d38644179a09b2c33840e917e640e160fbfdbc77e1a2d1fed557939a27efd835339a4ce343f12d5898df1c17b80d858773444785bfe88ea7f7

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
3163d57b22a9c742d053063bc5824e62

SHA1
4d0eb3865e20b0f4e67b08a946259f0d8d425b2b

SHA256
34661d1430cd1e71b8540e4b999aa1e0c5260a27f732d7078b1d1c2f7dc971fe

SHA512
ec154c0581e9391a923427143348f3b35866517ca0ba8d5d4e401aad75528c0b5575b3ef616845775c3c50722527e74a6ebb633dfdef29c2bd1f5e046ab1352a

Download Submit