47dd60bbfdc2b5720615a21d65ca18d4eb08fd6efec39fc9a75f7bbf5a39cf2c

Analysis

max time kernel
139s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47dd60bbfdc2b5720615a21d65ca18d4eb08fd6efec39fc9a75f7bbf5a39cf2c.exe
Size

11.3MB
MD5

27a48526ed77894b1baba77bc78ab7a8
SHA1

e5e7f8764616f0541fc7bbf3d5ebcf3cbf6d0165
SHA256

47dd60bbfdc2b5720615a21d65ca18d4eb08fd6efec39fc9a75f7bbf5a39cf2c
SHA512

fee891ed36f6787d7268331dfd793340e109a2988cc22693a5013af890840d5b01bbc6d3760bd20942dc088d4c716fd268ffe05b425dc3ac194a6d0db6297468
SSDEEP

196608:RXFGPpySVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:RXVuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	47dd60bbfdc2b5720615a21d65ca18d4eb08fd6efec39fc9a75f7bbf5a39cf2c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2392	47dd60bbfdc2b5720615a21d65ca18d4eb08fd6efec39fc9a75f7bbf5a39cf2c.exe

C:\Users\Admin\AppData\Local\Temp\47dd60bbfdc2b5720615a21d65ca18d4eb08fd6efec39fc9a75f7bbf5a39cf2c.exe
"C:\Users\Admin\AppData\Local\Temp\47dd60bbfdc2b5720615a21d65ca18d4eb08fd6efec39fc9a75f7bbf5a39cf2c.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
4fdab337d4873ab05fdacf13d870b6f5

SHA1
01924ccb74b42923c42010314ae46a521d8529c2

SHA256
78d992efe19400ce427f56f1a00c321b53d1d7d0fd6e3e606c3c53ba19930303

SHA512
6bbe252e3a7855a31f0453a7f10928724cbe9b9f6d1b80f57e5fc6d2fdab2261c30bbd96cf0a2d8d83c3cf41a7f7970009276f8dc0512805d7a7d0bc14ba3a1b

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
20b8230aa65f9e37eef2a60f097c595b

SHA1
dda8b93a11c47db82e5bc1fd74ca5c99be1cb095

SHA256
a3c6cf94dcc80bc6828226a79acad3a5c49818739a6c2d33b1d2722cf3c43fd3

SHA512
6d4adc801f02c481e12fc4ecb79a8bf0e6b2f1c95860d6de04b8d19f382000fd488f0c4d60a2def78f731aed7465f2fc4ff3b3d93a159625187740524ef728a0

Download Submit