70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec

Analysis

max time kernel
96s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe
Size

8.9MB
MD5

ffaffd5e5b02901863a2de489edb167d
SHA1

728420f4950c2383a6b257a0bd4d578ae664e203
SHA256

70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec
SHA512

7cb0290e9690106600566c8358d6b12e50f8cd4409cd5801e674e9994f7ddb995a06690f4507cd5ff0a3095f75f663c22ad7dfe428a7a4b0e1e3f32ca492a11e
SSDEEP

196608:ZYPRWWv9RZ24NTx9Pe20/zkOiu1f+79YRCk:ZYPRWUjQGdCzkOiaf+JYRC

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe

pid process

3128 70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe

pid	process
3128	70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe

C:\Users\Admin\AppData\Local\Temp\70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe
"C:\Users\Admin\AppData\Local\Temp\70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
3d1e4a0ae88fce602708ed7cd0c24938

SHA1
b6cfe28bc03e5aabac72dd0f734b1cc01d81766a

SHA256
4602bc8df1d345e87248071b8a6821d5b13140fed1e8e8d27815089db2c3b3c1

SHA512
acbaa13e1e7521d6501740c811f1432446663d4fbed38cea12e93a2a2341e2d83f9fd51b3d1cafaa734d5746eeefdf93cba8fa67bb197ded8b9f404a6db78d2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
efa17fad8d3b434ad64c633dbf4e0973

SHA1
805c0a86272b0e0ba92025298d8c1e66c22a2468

SHA256
192229d00b8c176611c75b524633d2bcce919dee2b42f5335672b99601e2bdae

SHA512
6f05f1f4bfff379059bc950886e8eb3d3bbc39f274d52fc8575d2a99547dba07bccf1d1823aa4b9e0a36509ceb54e0c6a0e6311fcfc8b8a769959855e46ead93

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
47e69aa9a8cad23b0c3efa442a7ee0f9

SHA1
5d33027268cc151f60024e590aff235ca464355c

SHA256
5d6c4421650d347d99000d0a87c690a39e155a0a63d92525a8dcac461f4f29aa

SHA512
ef602654adb43bce1af49ffb01fc88f8caa6ba8a39929089f003f6f4d0bd04f403a63308326e04bd028d1b1d9914ddf0dae2670c8aa6d3e65c4405c5345214d2

Download Submit