6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe
Size

7.9MB
MD5

6d2d59a69c0e3e8ec0507d66b15e5d55
SHA1

7ac8e562f54e9eade403b44f23a0550c5f1d6360
SHA256

6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e
SHA512

3abf36a8de832de046eb960327c2ed06a6e7ff6a4b89999d3f103edf10ff4c6b2a3a7aeabd56d86095babf82ab308a8768eb6299662b57f9db08f7d9fac036e7
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2480	6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe

C:\Users\Admin\AppData\Local\Temp\6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe
"C:\Users\Admin\AppData\Local\Temp\6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
53f295df73a5d7a007b0b61b83a084a9

SHA1
97e2ccb7ec156ac462062b5bb1e8db83c41fbc78

SHA256
55c52796829d4bf606ed20fdbd2b7c78ad100aadac259e7af7b2e9aa75ed8a15

SHA512
9c1f0f7568bc951afdaecf3981be557e8d115080c5caf9cb92f2e548f5d67b3e84db119003c00d5c84748809b323122e688340910e34ee44590c567879f302e8

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
b87a7af800510c07b824b5384aceb538

SHA1
2ee1ce62c7421e9fee49fa831c66bcbe98ee7c54

SHA256
ed07257b189216077b8193cdb5416c791092413f8f08189543028a89ae46fcf3

SHA512
28ecc06c615a8b155a4d31d3701f8759f3ee7b66d93ee8cd86a319ce16b5a619f94529d6b31fb9a510d00c1ec7fa9435a5c62d6ed96538c6a381558b31a4d9e8

Download Submit