6e9ce5f49cba59427af4b856b6a379f3407b7e2096da1f93123330f53f1a415d

Analysis

max time kernel
123s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e9ce5f49cba59427af4b856b6a379f3407b7e2096da1f93123330f53f1a415d.exe
Size

10.3MB
MD5

417175bb890f925a98c709cfba0b9c00
SHA1

f47eed156d22bd5faa3f9e47aa409c59c1cd13b8
SHA256

6e9ce5f49cba59427af4b856b6a379f3407b7e2096da1f93123330f53f1a415d
SHA512

b970cf2b4dc564af455c9b9420acc2d1d36878cbc36ef40b81eb008760fc230517924518ff4d6d6b7722106495b657d52d87bb48cb2888e76fa07adabe629b63
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e9ce5f49cba59427af4b856b6a379f3407b7e2096da1f93123330f53f1a415d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2512	6e9ce5f49cba59427af4b856b6a379f3407b7e2096da1f93123330f53f1a415d.exe

C:\Users\Admin\AppData\Local\Temp\6e9ce5f49cba59427af4b856b6a379f3407b7e2096da1f93123330f53f1a415d.exe
"C:\Users\Admin\AppData\Local\Temp\6e9ce5f49cba59427af4b856b6a379f3407b7e2096da1f93123330f53f1a415d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
852b9f0b43240f56fe706ca45e974b35

SHA1
57ea98115240da7e922ee2b13256186f2297da37

SHA256
b067c5732cbd211516597133c8694511653c8e1e64196915c190459a54e74bcd

SHA512
3a48cb7cca8465a4e9061938ba47495d725a54a7b5c37980e0ee015a7d6cdab69d98a65105d4c7d6d6c5c0fe37b0485c5d0e6d396fcf835f2024bf6ea2e40781

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
1b818f9ee8e778d1133c15fe19f1e60a

SHA1
79bb4f9ae858b1ab1f1f3dfa545e77bc7101edda

SHA256
9e439b40c8fa8ab7b534b243c5f97ddb5ebc3ab53ef898ea735b4eb88e3dbae9

SHA512
d988492d9c512e8cc8bcb321b3abe54c385439161fcd3799a64ed0ffbbb2ce4d4cce1c7ff45ca5ea6ebc8392313781fb1c1360b42d5710cbdb729d76145ee699

Download Submit