68a978d79c28dbc77bb7b7d24e45068d295814894f443b945fd2972b3029649d

Analysis

max time kernel
93s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68a978d79c28dbc77bb7b7d24e45068d295814894f443b945fd2972b3029649d.exe
Size

7.9MB
MD5

9c647029eba7a6d7f8562afe8b6a88a1
SHA1

661d944e65cd0ab04ca634fb246554feaf61c7c3
SHA256

68a978d79c28dbc77bb7b7d24e45068d295814894f443b945fd2972b3029649d
SHA512

4f25dbdcd6a8c6245c997a30603c9823e87f2ca4c3465ebd0c4ff3ff5905a056f08265b3a0dc1724d47b9aab117cc87d769799d462b236f9da311d840a278ae5
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	68a978d79c28dbc77bb7b7d24e45068d295814894f443b945fd2972b3029649d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
796	68a978d79c28dbc77bb7b7d24e45068d295814894f443b945fd2972b3029649d.exe

C:\Users\Admin\AppData\Local\Temp\68a978d79c28dbc77bb7b7d24e45068d295814894f443b945fd2972b3029649d.exe
"C:\Users\Admin\AppData\Local\Temp\68a978d79c28dbc77bb7b7d24e45068d295814894f443b945fd2972b3029649d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
e4de6a9d9712684aafcfd25935a13cfb

SHA1
c347af41d3a74e36ac0fc1a34a1f4bd8dd363741

SHA256
178801504ca8c8d273d0447baae5860d38749544dd35c8aa568fcd4a6a4b87ec

SHA512
71f65de3a478a4640d049c1e2a9723fd3530546d33ee17a31fd2326bad4c17b28ac86f069d8b874ec1f81e435eba515f2c3a8f4c9d68f70556738adf01e3f60b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
2ea770ca6c3e09ce279f85ad53ba9888

SHA1
d35ed2bdacbcf8a6f6680c7ff07f1a14c7a269df

SHA256
98f2d60140331cb598bf042b551296625f45bb04666330157d8b154555e78fc0

SHA512
9f30e95babdad10e7b86c83d30902ad6a2bbcfb3adbba64d1345ab0645e247f672cf03de76283f4ab84ea91b41b0111b89bedda7749f6a36e2315e63b1d76e52

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
7f4282f20bf8500706fe1027597fbec3

SHA1
bf65c512068a2a796bbdd87dd83e3d2357b198bc

SHA256
0cf826d4665201b19160464476d2325070466681812606b7535d4263d588147d

SHA512
27ac0d0586dc1cd2398d4aa0188c696e12becc3e8401354a3e72ec8b48ceac839aba594a0c958448854036fe016bcdbb9b13033e44e644a72420c2cf89fe5dec

Download Submit