cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe
Size

8.9MB
MD5

f4c7acb68b667b4321a0b84a2d37f95f
SHA1

6f0dc231b33b89b9d1ec0c745722b85a3ae2f68b
SHA256

cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552
SHA512

34c0471a6fe7fb97d79be134cce4b82a31ef5f53e04e2d79bb7fe712370794c10401e1d8822ddd48ab7ca50d9387d622a787baaf157a12619477cad2b38a4190
SSDEEP

196608:ZYPRWWv9RZ24NTx9Pe20/zkOiu1f+79YRCk:ZYPRWUjQGdCzkOiaf+JYRC

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4432	cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe

C:\Users\Admin\AppData\Local\Temp\cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe
"C:\Users\Admin\AppData\Local\Temp\cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
9d3d4e295f371f6ed2c32518b29a46ad

SHA1
e00383c7bfeb0206924f53a821b1e6484783ec14

SHA256
867d3f6f0ebd63d86d14baab204fcbfb7ac4547e70300fb2a3992fb45c5b9deb

SHA512
7029756b43760f6dcec52f9bb2fb8e2d323ab2b36890a35004d20682d28086f7fb3836c93623554ee923ba893a002bd32939ae964c2c8de1188645af0228913d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
619a5a121ae024fff4176392511d7154

SHA1
c221baf9dec07c80e95d6071bc968e00966f10f9

SHA256
03f3c3e4d8f38277432fbe728b8f1a796a8e202d56f07af9f866d2f71bc5ca6a

SHA512
207307e83b3dd71ff8c9cc949c99a6426b3fa79d6f01905dcad222e9fdd5c90c6bcdbfecaacb1801ddd9a47f7d4365cc1d236b45e64683d251acd2505216bd6e

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
69bc3e2c72098c114c83711eadcc8be2

SHA1
9152c813e22b2aa6427bccc9541c585662e0e79c

SHA256
7cb4e72903dc41f7e92b05f4439e5d20d4ec4dbe5e8ddd55dc36eadd7074a451

SHA512
71980947ec7c70f43772e5890734d9a611bc2828cd7c9809a25e158f388f30dc44d5bd2a65afeb2010782f889a9254e3369d592abce31f553a98e0feb539dba0

Download Submit