df57ba093ba733a0918e339d38af54f3a19c1dc8fe644e84f56b7fb552a866ca

Analysis

max time kernel
92s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df57ba093ba733a0918e339d38af54f3a19c1dc8fe644e84f56b7fb552a866ca.exe
Size

10.3MB
MD5

ff26e869ee90d1b9d9618d6384321b92
SHA1

e5be5b4f41529650b09b5c792f50d1bee7be2c38
SHA256

df57ba093ba733a0918e339d38af54f3a19c1dc8fe644e84f56b7fb552a866ca
SHA512

4533d40ea54c8c28b06e159bc6ef6fdb474e4b4c343a7e92d7da0a4779941767cfa1a239314ac5258b8619b4ddd0affea3a0cc657b6d518d77b6d0d9362e3a3c
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	df57ba093ba733a0918e339d38af54f3a19c1dc8fe644e84f56b7fb552a866ca.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5028	df57ba093ba733a0918e339d38af54f3a19c1dc8fe644e84f56b7fb552a866ca.exe

C:\Users\Admin\AppData\Local\Temp\df57ba093ba733a0918e339d38af54f3a19c1dc8fe644e84f56b7fb552a866ca.exe
"C:\Users\Admin\AppData\Local\Temp\df57ba093ba733a0918e339d38af54f3a19c1dc8fe644e84f56b7fb552a866ca.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
2f94ca5d9acc6b4d9d48eca5d7bf1f46

SHA1
dd1a47324ca488f8e36c813b52d5e5be6a776b7e

SHA256
4749a3c43ec5b0d827e0013000db561f80f2fcd20cbc90ef6f86af08c9a2aae3

SHA512
7639ad37b2a8ab2df78dff746817f1dba0f79645f360d133097b6641ee4b63509fc086758f1fdab64a6fdeca788f1c9d59d1e043396358c696543629770efbc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
1004742c7aa9bd5797c17211ef3b09c0

SHA1
94618c38ba2d6a3ca4e7211b0422c2969a92b10f

SHA256
9c23e8b69bad359c3a9d2a5dc0faacc379932075118d5d1428a37839271ed38c

SHA512
e4f57da632be3d09fe886a0eedcf0b582cac62dce8f4a8a6771fddbac2e8edb0cfa3d217aa2913151c72c955a261b2ddca86ce9deb59b91e9e5c95db9e26e69c

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
776b59d0481aa59440174a6bd574cde7

SHA1
5af37a085048d8391dd830da7538df6aa44539ad

SHA256
13871899ccd753f6e02d10a6e4ff425024aca25cb55527dc917aeb78729ef6c5

SHA512
86a435dad0af8c38717a61b6e9e44539912a191cf4ed2b5b8ee9f9196ccc2fb0d00dd74e6e7950ff4f34dc1659d69d7219daa3c501282188c7e3bec9e09925a6

Download Submit