c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a

Analysis

max time kernel
37s
max time network
155s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a.exe
Size

7.9MB
MD5

3e3a43061f0a6ce36972bda205f7fe77
SHA1

f252342cf539eb59fac97a9037c387892a9adb82
SHA256

c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a
SHA512

834896fb6ef11d6d0152739eedd62e200033deccd1a05180065906fb9310a361686421f0812ca8021042852bc3bb13aca217a39b4aa560b5a0810cc9e9edbbfc
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
432	c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a.exe

C:\Users\Admin\AppData\Local\Temp\c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a.exe
"C:\Users\Admin\AppData\Local\Temp\c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
13KB

MD5
40d50336f1799b9a95088a0d02457781

SHA1
28981bcbb2758ee283096a21b4ec6b1aa9336a1a

SHA256
c7d8951a202530adf445ac43eef48ac9f78b43da0209edfcceab7ea9a48efd74

SHA512
aefb483504e5fff30714e4f25255a7529fcf08674ef3081a00ffbc79849ad36e8c9e102d5940ca302acb760985d35bda27c2ad2a0eac6eaa3dd0100047c2689c

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
dbdf9a14cbceac8550b0b88e94aa24be

SHA1
5ef97c4729b2f85908b5dd9a1ef886b86fef3d70

SHA256
7c9b5c195a4ba01df864cffeb1b9a73f84a587c5f9d579d05d1cd517b8d34a79

SHA512
8a8e5505c8d2bddcb17ec014e8f45a9ab80fb17a2fbc6a82b470c71ce2fcb63140ace82f4be5808b39854df5a2bcb0efdb9e25fa89275a7cb3fc45c8ce9cc19f

Download Submit