902e2014ec3f506aa26f79ddd07cde6e5a50a4b97b96057f5311b4b854d83178

Analysis

max time kernel
117s
max time network
150s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

902e2014ec3f506aa26f79ddd07cde6e5a50a4b97b96057f5311b4b854d83178.exe
Size

11.3MB
MD5

26e1e64517497761e3bf2de64d8e739a
SHA1

f2427a483dee66fb5ba1fad0d9f1ae610036e210
SHA256

902e2014ec3f506aa26f79ddd07cde6e5a50a4b97b96057f5311b4b854d83178
SHA512

e8c70c4e85f82e67743126379326bad3a914b0cd517daf0f45e7360df7940b5893a47bec9b3d4e9843a4827670467da2d604abdd10d36acf1bf85348cfb302c0
SSDEEP

196608:RXFGPpySVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:RXVuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	902e2014ec3f506aa26f79ddd07cde6e5a50a4b97b96057f5311b4b854d83178.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2668	902e2014ec3f506aa26f79ddd07cde6e5a50a4b97b96057f5311b4b854d83178.exe

C:\Users\Admin\AppData\Local\Temp\902e2014ec3f506aa26f79ddd07cde6e5a50a4b97b96057f5311b4b854d83178.exe
"C:\Users\Admin\AppData\Local\Temp\902e2014ec3f506aa26f79ddd07cde6e5a50a4b97b96057f5311b4b854d83178.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
3a5c4a73d8422af29ce0380bc23af100

SHA1
04c54d7d4f752c6181459597ff1ffbdfb1c03d3f

SHA256
d82a05a970d46ab847b2a1be5cfb9b9082bf0c3797e2b4ba9edfe502cae73140

SHA512
5e6f62710c812a37c6a0adbdcebf5f73760988286343a4c59e37219cafab784d5073dc29dff122cb86b2558783d5e3c3a3b86d7508cd174c28f4610f9f8a582b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
6d5fd4e1a43057cb886107739081ad3f

SHA1
fb0cc68f019f16ad932df41036217c5000b241f4

SHA256
958d38d0885b488234e3e4682c8ae24ae55b3e1bba988a51982fd6e15b71b638

SHA512
89b02436861eec9acb3c7ccc797b9e070d02e71f15b758416b7e7915021557f0a3c875debada4be99b3ce56c4f2b93c9c918df1ce5934835b66a12b968193c86

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
693ef57a5d5a248550cffb7ddb0ea0ff

SHA1
2a14b31ef38a33e78625c1382c86ea7e260cd1fe

SHA256
055f65d03d705832b1872b40870eefa594a43be4d2c07e9cee76f0412aa6e898

SHA512
a02207912b42cd7cf3376dc2fda744f54756b322a615a9b86aa78bf97e8747107c829c3ff0b77b350a4306e1ceff7625bd9a2cef08c78c8d53996a110b7e53cd

Download Submit