6c2dfccbaedf4c9585c9800784bb52ee9fe566799d60af50b15221af6988cd09

Analysis

max time kernel
92s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c2dfccbaedf4c9585c9800784bb52ee9fe566799d60af50b15221af6988cd09.exe
Size

8.2MB
MD5

60a4586e6c7b39fdafc1d56e825f0063
SHA1

4d11b8f9181f49edc14b6dcd23921042cd02009d
SHA256

6c2dfccbaedf4c9585c9800784bb52ee9fe566799d60af50b15221af6988cd09
SHA512

a740b99cfed326dcfc5e56c49ef6bd98b939b7e5938c8f42c4a1dbe4cadc72646d517bc1780ee5c179443d7881608e3bac45e9ba4d04148b53df9bf6d0f88e31
SSDEEP

98304:sd0wpdjA7nvOS8N2XfSfUf+7KkTKdzOJDb4v+qzWQQMIHp7w0r5DdQwNSH6uE2Tl:Qjdn2PGA+2HwN0v+qSJ7P5Ddh0HtQee

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6c2dfccbaedf4c9585c9800784bb52ee9fe566799d60af50b15221af6988cd09.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2520	6c2dfccbaedf4c9585c9800784bb52ee9fe566799d60af50b15221af6988cd09.exe

C:\Users\Admin\AppData\Local\Temp\6c2dfccbaedf4c9585c9800784bb52ee9fe566799d60af50b15221af6988cd09.exe
"C:\Users\Admin\AppData\Local\Temp\6c2dfccbaedf4c9585c9800784bb52ee9fe566799d60af50b15221af6988cd09.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
0c1bf55e3f6aed9a7e3f25ff64278792

SHA1
a9574cf162d570e2a704bcbba948ed6cc4c5df03

SHA256
d54002b24e69a129a7f848db3e2f95b4ee3e620c429411272286cc0fb42c7994

SHA512
e461671c02167469efa52e2865e19e6bd1ca615e5eab86769b37165e8a36339d7553e8cb7e097523f0ad515ee7cf7e6f6124c5ee83a39743ba13293be80029c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
0ab2f972e751be07f4fdfcc47c1ddf52

SHA1
d5bd1c734336f78fba6786fbd45df6a55ba9c9c6

SHA256
f77df5a82f2ac107df1775a84da5e0b0496f3b28fa4b639becc5f5e8a0c318c3

SHA512
5521dfd2c0772d180810a3e937ad77df07b609c1cee72a66d98008ad404e317d6560268fc6ef6edd1f8e6c1f0c4fd2ce1e19796a8fc36829d3ad708caeaaaff1

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
c9755ba04f34bfdc9bfdec7e89e474d1

SHA1
93637b202e97c016a6427e84344f74c0c19f547f

SHA256
c4fb48b65ab74694416bad8f53846834995c999ef59c9563ea1060d24efe3eb8

SHA512
04620b26f4b17acec705695667a62195a9998953b236a5397b048bc77873f4fcfc99f40d5556b249df164815813360ef4b433ab116dd4cc7e6e461e0cfbb70eb

Download Submit