c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a

Analysis

max time kernel
78s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a.exe
Size

7.9MB
MD5

3e3a43061f0a6ce36972bda205f7fe77
SHA1

f252342cf539eb59fac97a9037c387892a9adb82
SHA256

c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a
SHA512

834896fb6ef11d6d0152739eedd62e200033deccd1a05180065906fb9310a361686421f0812ca8021042852bc3bb13aca217a39b4aa560b5a0810cc9e9edbbfc
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2316	c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a.exe

C:\Users\Admin\AppData\Local\Temp\c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a.exe
"C:\Users\Admin\AppData\Local\Temp\c02e9866f66b73501a535380ab28175f8311f793197e36eca7b157a2d37da47a.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
be40535d32ced303b015e3a828db035a

SHA1
c3ed22e64378aa85cf0bd053284da4567c28d6b3

SHA256
d428d84594a3391de4eb5910d242ec9b32d61067406c6a52e8591af704497c64

SHA512
f7c5b7bc292ab48f1e2e3bcb525ff376f9d41b9d1c697ee865451c890e8b03885577314f57ae8ada6c07590182b16a860b46a866b1723e5ce8dac6685678b633

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
1af18899519c8221bbf800cce948e242

SHA1
1684373ebfea1c689b4d5724b3c2d39fa4c8836a

SHA256
d5b23940f6dcd336facea2cfaef0ec1d4ef622e13ecfb6fe3955a3cc572ee402

SHA512
ef6767ee29843092bdeba017436cfa824024143e76fc99452592355d37926744df20ec798c4f5a2f85ba2dbb913176621979982d11c2f1aded2aa7008309ebb4

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2beee1a29937a3466218e1851c5b85f7

SHA1
830e2e6f3fb49288b5a6030443da5c41767e21c8

SHA256
da7cc717942dcc83c4ce4f287e7f7b2f5a1f56145d578685bf5fa301066200d9

SHA512
9523ed1a68c3d232487e539c8ecfb817ad82946f96f54e716877b36b5b3f7148f84de5c263c2cbe318a5e9554522ee4f2501fd3f8d3dd12454fb95c72b58dbfa

Download Submit