0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813

Analysis

max time kernel
138s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
Size

10.3MB
MD5

a9eca8f320a5b18b756e051cb1ca9cf9
SHA1

f39d98f346704f77251ff9aaad582cd8a5bca2b0
SHA256

0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813
SHA512

355725aff358fbedfcfa32218c1931632e5b6b3c7098e94b15c46f6744f2537b0d1aa9e1052242b0332ff2b456703ff64e2e67aa0ea38e927269692c96b888bc
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3596	0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe

C:\Users\Admin\AppData\Local\Temp\0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
"C:\Users\Admin\AppData\Local\Temp\0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
0d1746f71d582d1f5ec852902ce73cdc

SHA1
3dcb1794c29eb9c7445b4bf14f03771ce369c996

SHA256
30a03c46702a22ccd21921751664bbf5c410b41e0fe8138e28e4a79d56e13a4d

SHA512
c578803d98616ba3c9a95fbe74df2561e34009faa655bd024855c23b2936e4136ed11df8cf6f369864544d489f55d025fa24a26f4be7a686d14366486d3ff677

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
979e6f8bfe02d2d54bcf864f278d502c

SHA1
235ee0ba041cffa7823840532c29e280a128483f

SHA256
cb7274218c7c7d616e6204e9ded54da9133d4466289f360d3d191c9d736e492c

SHA512
2991882a17d8cc8987603cf00f197fbf1e641acd8d519fef9db767973d79aa7ccbacf71d90d9fdf59f440a044782b94111832c3e314569e47c3a8eb91664ee77

Download Submit