fd82570ab9005bb8112794a80707da320118e73d6b686df67ca40b0acd082af4

Analysis

max time kernel
92s
max time network
159s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
28-12-2024 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KMS Tools Lite Portable/data0.exe
Size

213.0MB
MD5

9a179115f8f2771db1e41f8dd9512b7f
SHA1

e80018af5e320557f621b35acb2ac25d2dd8ec8f
SHA256

d6229fed007c774f52a8fad1bbbd184fc036440a786bec9e0a839565ba521c77
SHA512

2143b716a144693d804bf9d7458c804f3bff3432d11f0815dcadc9664347dcd5dcb0b0b5790ec3b92061cd58f5ba5a4cc1ea7fa5174d4d8db8668441a6c74d5c
SSDEEP

6291456:OorliqWI/KmbMNHNGwxODJu43vyO0pyDWJ5Dr:OotWMb4IwAkU0pyk5Dr

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	data0.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1604	data0.exe
1604	data0.exe

C:\Users\Admin\AppData\Local\Temp\KMS Tools Lite Portable\data0.exe
"C:\Users\Admin\AppData\Local\Temp\KMS Tools Lite Portable\data0.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads