d009f8ec15f6979183ee59dba71d0d3375c9222834a280de5397f18a2da380dd

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
24/08/2023, 09:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d009f8ec15f6979183ee59dba71d0d3375c9222834a280de5397f18a2da380dd.exe
Size

4.5MB
MD5

8bb6b48add7ec8be539b50bec7484a7c
SHA1

d34224e6985113bee694f40bdc09e9b6587e6168
SHA256

d009f8ec15f6979183ee59dba71d0d3375c9222834a280de5397f18a2da380dd
SHA512

2cb2b940d79c24e512d7d7191f8a3196f2ea03645ab27cf188bfbfdee31e140d84279b7ca3a05a827110f82fd5cfee48c12df9f90b2e1aa1f7a598868feb1354
SSDEEP

98304:ZOLHzIDtxDSK2Qi26im50OORKdzOJDb4v+:qym50OlwN0v+

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2224	d009f8ec15f6979183ee59dba71d0d3375c9222834a280de5397f18a2da380dd.exe
2224	d009f8ec15f6979183ee59dba71d0d3375c9222834a280de5397f18a2da380dd.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2224	d009f8ec15f6979183ee59dba71d0d3375c9222834a280de5397f18a2da380dd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2224	d009f8ec15f6979183ee59dba71d0d3375c9222834a280de5397f18a2da380dd.exe

C:\Users\Admin\AppData\Local\Temp\d009f8ec15f6979183ee59dba71d0d3375c9222834a280de5397f18a2da380dd.exe
"C:\Users\Admin\AppData\Local\Temp\d009f8ec15f6979183ee59dba71d0d3375c9222834a280de5397f18a2da380dd.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
6f33a695b55d187e02b8711aea994f41

SHA1
e140604f9bc79d9e8da21002299500d12acf04dc

SHA256
e8944fd51e0f232fb4cd06d75af43d209ff4798757cb9d156f7c80ef5187a39f

SHA512
406dcb290ea848578bb88ec0f98ea6a4887cf0cd35b889d11d0889307613e76b0218c711eeb295d5022d3888289a31a0cfb37c7e3626182b55f5bd61a2f19050

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
816bfb26484e62de9fd4e862fb08748b

SHA1
e7d2f144ee5251ba678c462b3a29813935e9d438

SHA256
440c507b8665048904c5fe622952ef876af5c18e8b11f2123a5f4b9a39fcd7ac

SHA512
5cdd687a216aad6552f9663a92fd6cf791d6ba86f95805041adcfcdc0e0f1247c27fa337c0f4ade7fd4fd932372c20859bd45a4a4d28d6ed1f7ddd274614a6ea

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2f382f0e88b5535eb812053023ee619c

SHA1
f2c2cde3e1a36afbfbdc4cafc8d9b81915688789

SHA256
535186905af327678537155e7df22491e72d19bf8f0e5260dc54fe7013e9cacb

SHA512
ad9d335ed219322032e82afd921a5912160b25f52a2cb9c1e7a74819a855576138d2365a283498036af2ef953ef84677275ff616db73cb867012ae3c73b3129d

Download Submit
\Users\Admin\AppData\Local\Temp\yb86FB.tmp

Filesize
129.8MB

MD5
51a534ddfddb68c31a1ba04aa86d5e6d

SHA1
25a12cdb763d5cde3d7cfc2717c84a9c9e99c130

SHA256
c54ee5e9df39d78f2cd3fd6881e420e6d56c317b1aabf869686c6c40f9981b71

SHA512
1f206ad90ed780f65431068da1287dd2201fc5610bda669d3eaaecae48a85d1abd995ca32a6178c7ae1190c552c1eb328f44e0c0fe9cec4099f6f2fcf69b5548

Download Submit
\Users\Admin\AppData\Local\Temp\yb86FB.tmp

Filesize
129.8MB

MD5
51a534ddfddb68c31a1ba04aa86d5e6d

SHA1
25a12cdb763d5cde3d7cfc2717c84a9c9e99c130

SHA256
c54ee5e9df39d78f2cd3fd6881e420e6d56c317b1aabf869686c6c40f9981b71

SHA512
1f206ad90ed780f65431068da1287dd2201fc5610bda669d3eaaecae48a85d1abd995ca32a6178c7ae1190c552c1eb328f44e0c0fe9cec4099f6f2fcf69b5548

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads