1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df

Analysis

max time kernel
89s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe
Size

7.9MB
MD5

8439e6efe0d12a68bc2b390d08800f98
SHA1

b695cadff5219e364f175361aa34cdbd8472eca4
SHA256

1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df
SHA512

2c22d7156cdab893bd77cf46c8beb3d20d0aedc5e68d3aca554ba996e6a1bed296dedb945c8eafd6f899078bbc4cafba908c40c0bba62668206bd63d2821a719
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
804	1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe

C:\Users\Admin\AppData\Local\Temp\1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe
"C:\Users\Admin\AppData\Local\Temp\1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
ab3b1333d36d8ceb4c9d54bb951a9ace

SHA1
4e0804401ed9d57914d5bd347a26155c0cebbb13

SHA256
6860c283e7ce5c05bdf95d854270daee5719f841d6019f9bc74933b26f90270e

SHA512
8fa722e40999d917fff4ea48ea2513ee4222fa8268ba5bf0facbc263df269521d666b3f58bdea93bb1912e118a0f49b0b800d48374287cf831853e07e18d5d6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
afe4419cb799b353ed91d6525498d223

SHA1
bf8f9e7dc82cbf77a85534327e4b5b7088a72e17

SHA256
04446bd3e8b04848cc99990848efa5c3d9d91f5bfd07db78b1a29e2c2885a267

SHA512
7e64fc6b9483f4c0395cccfb2913a279d5c22d1ff1837f7942075c8ad38afac40b44404d4a7af8127aa734c1a9793aeeab42dc94c87472acbdbd8012692cbcd8

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
a03bdfa10f82d0e9a24b8a8533b939d2

SHA1
3a6eaeaf5281a7b9b24a04aeec975acc3f6f335c

SHA256
58ef26af5a4d7ec45fb02e34ee3ba5ea45bbea253f1bf0dfb19dc451071064d6

SHA512
8ea691236ed7d978d905a1e42778bd5aadec01e88197289788b4099f9ae572c530333ce34d67014980e02b34d4605aac9db39e3ff78f3f8a9fef9de2817420cd

Download Submit