d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44

Analysis

max time kernel
95s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe
Size

7.9MB
MD5

bd00b517b0b69429ebbe41257d17f3cc
SHA1

2a5a0f76e2b829145017d5e046c3a21c748b8f91
SHA256

d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44
SHA512

b60ec24580557f4a467bf00eaea13d0558e6eb0e98a66380a0f66efd6bb3686af8f7af0c4aec94c2d6b6e36f4845e45782560130795ba86802352f038c2ec10b
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
544	d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe

C:\Users\Admin\AppData\Local\Temp\d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe
"C:\Users\Admin\AppData\Local\Temp\d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
b32f38a888810ea8aa647a3631e9292b

SHA1
1ecafdc5215e301e28e2a011b69b80da4ff05755

SHA256
d1523279be71a2dd2803820b75f66dbea35e0020df505b64d3d061871d6fcbbd

SHA512
0c772764cc89c8949f538ed4db05081118b0297035074b1c447a23e7fced1bc4707e595ed647442196d943805099ca1fe4943f13b5b7eb4568a4e1ff2b430b9d

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
8c9f8c20de614e017598a365aabeff4f

SHA1
6c26828401a53dcb290482d8945aab75372279a3

SHA256
21222694d8bdd4f9b1f4fa78bd2285991b3503b5a14d87f252df0a065192e1e3

SHA512
bb74c9c1b8874f09cb58a5e671105d9ee7279d3720952f349eefb437ff5264f9a6f567b86f21228d1cbfeb12cd0278e70a3ad237c2c7fa406b601702c410a1ed

Download Submit