185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45

Analysis

max time kernel
97s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe
Size

10.3MB
MD5

9f5fa9b1d6e086199cbcb013a47f86c7
SHA1

3b7760f200fbadbdc3f2826eb86dae371eded33d
SHA256

185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45
SHA512

00644e6fba2f9636571ca18faa32bc11b1d30ce84a835f71834a04db2752d1d105055257f2e18d2846d33f87a1b9974c9048c7eb9e4a5ea24be7f3f6e5ba1085
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
512	185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe

C:\Users\Admin\AppData\Local\Temp\185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe
"C:\Users\Admin\AppData\Local\Temp\185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
60f8139875ec9016970090a00293748a

SHA1
23fd5e405f05415eaaed0940111b9444207fe191

SHA256
49454083249b653afeab6a060d1662b9e8ff8031e09d03ee83a840ea3c471ab8

SHA512
83adb98c74096a1202219906a9ab74d7193807c47b0d8549530884e64a5d7c695b161eac352b80e98adabfe1636cce19ec1d1247618e52551d5103420ba3a01f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
4c6c9f487460d8adb28a7a01fae436bd

SHA1
bb213b3e1793a8b4aefaf8ceb47c5f519b2c1fa7

SHA256
a14f5e3c79ecb160499301b2fd3ed5da92046ca7982fef5afbdde539c86ea6ab

SHA512
7514a16cbe2fad5176be72fdedb9c50db6cd3c69f73266190026be75ec92302ba66562b595a44753b0becbf4303a4268ad905615e818edf0123aa83556f63425

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
4cfb261ebe2f351978299490b70019d7

SHA1
56be723b78d297874f1ea07f80749b7ccf489e45

SHA256
652a183824de8ba472cf94b5ef931de5e9feff7b2e91824be5dc3b91fee4fb3b

SHA512
15b737c8ca23a1d5da76f6d922aeabf264e6fa241d3cc344cc81f10b97eaa7d1b3943ef3933b5ef18163fb6cead8ad58a46059a7946de87b2570a5c22b08bd32

Download Submit