439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe
Size

11.3MB
MD5

9885f7cb150dbdc314b1c2f04a525ccd
SHA1

f0e2ed946e46c54b530838c6e342c9d6b01dab79
SHA256

439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb
SHA512

ab5e42ab1d4467ae7f4b4b4890aa7bd37d3d7304f184b392f1d4c2bef93f5e169e98a33fc07b41f4c1f21aec6af57a804f0dc544f4af428983ac2a814f71ba44
SSDEEP

196608:RXFGPpySVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:RXVuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3224	439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe

C:\Users\Admin\AppData\Local\Temp\439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe
"C:\Users\Admin\AppData\Local\Temp\439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
de6084e5028301b70bcc5cea8bafa491

SHA1
d8cc0fdde1d9802f55e613a6b65df0821cd25306

SHA256
f7873b82df74fa16c05288d7f800705675af42bb4f0d9ef2dceb688d4014257d

SHA512
4734624fdfdf2ebea66bd014f9c40195401a2d310f5af2af15ec251ae7a360fdca31182917b96927437a326907bd7b0ae7df4d8e1d87236713234e1eb2b0c7f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
7015fdd32ad6a6c5a055fcb74ce2219a

SHA1
207a75d9bfe43a762041a2af2cf4854d95d72989

SHA256
8782e3b204595bee536eb1724b3cbd7e59bc6dc7348dc0e2fd429bce4deae1d0

SHA512
d7128617a6a6eb635b50a7b5797633e07ce698552ad633baef7be8c58014128b9806898e461dddc62d51c194a6f9564e58c3e1f80c52da061af9e7b0b3aa453b

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
c684f1db5d4cbd8656bb67245382c3c4

SHA1
a3d8c10e2b0a397a97805737cca0ff7e7d19d921

SHA256
1df828f656b3196277e8b318991b732d3737a6f92b4e50ce935ec4465cf29236

SHA512
d9987c22356dbd7c1aa6925b01f38640099f063ad24b1ef1b83f0eb464d1949248e7346f6aaa6aff01ca92fc6d5ba72502fecc22c6a5337cb3d1df715b041623

Download Submit