e0de016b376fb0a86fdded81e35f4a4da73e385b6061adff84f6c187c40cd3f5

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
24/08/2023, 19:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e0de016b376fb0a86fdded81e35f4a4da73e385b6061adff84f6c187c40cd3f5.exe
Size

3.7MB
MD5

6bc1ebc5f4faaf9c7ba9006233dff3aa
SHA1

367845ef37b663e15628d8e632b07d70f1a4f3e3
SHA256

e0de016b376fb0a86fdded81e35f4a4da73e385b6061adff84f6c187c40cd3f5
SHA512

df75674ad78c142a6e3bdeae09098318e0d8612a24c262a9cb35ef0d2706b1606d42e02b7c9a10960525cbbeaf9eeff04d4f836b7cc11ce35f65132932b4e78c
SSDEEP

49152:v6x/NP5OJ7noS95X6mXfKezJgB+r5u8QeKxFOJxdb4vZKVB7:Sdh5q7noS9h6mvDPKdzOJDb4v+B7

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2368	e0de016b376fb0a86fdded81e35f4a4da73e385b6061adff84f6c187c40cd3f5.exe
2368	e0de016b376fb0a86fdded81e35f4a4da73e385b6061adff84f6c187c40cd3f5.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2368	e0de016b376fb0a86fdded81e35f4a4da73e385b6061adff84f6c187c40cd3f5.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2368	e0de016b376fb0a86fdded81e35f4a4da73e385b6061adff84f6c187c40cd3f5.exe

C:\Users\Admin\AppData\Local\Temp\e0de016b376fb0a86fdded81e35f4a4da73e385b6061adff84f6c187c40cd3f5.exe
"C:\Users\Admin\AppData\Local\Temp\e0de016b376fb0a86fdded81e35f4a4da73e385b6061adff84f6c187c40cd3f5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
955dcddabd4183b98629f44f7265934a

SHA1
e54e3f4c404762a734c20b94cc3c0e37d03b6918

SHA256
f61a75035bea6089f9114bacddcd33a32f8587cd399e3a3616f670b56a11a251

SHA512
6811fd9eb1bc3378d9b0b791a7d02dbcdd4661f82472f45dd7165a19ceea812e6c1c6c0aaf903c9aa5cb540245f3030bfbf5f5435e2e7cb7717a6787d0d93c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
d8d37b484175ff65698973abdfec0619

SHA1
b3dd623a41444eb4639a7ff9cf1d1325cc9438c4

SHA256
ad0ac2622b3b2d30fc41fff6116883905463f1d6dfd95e52b8c939fdbb47d3ff

SHA512
f3869b07cfb2471aaf815b5035598c0d0810fa7b13fd552abe94d194a2c56bf55b5210eeb08ef8ab8a1a0b7f000fc9684dc3b9bd15bb800491d5ec79ec2e3a33

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
f6e45864b057b3c4e38eec7574f9afe1

SHA1
6d572d2df5afad5a4113d57275a021aad9f7ac0b

SHA256
97ac1bc71a7e0096e13ecdb59d33ffdb171df001d3ad7ec133168713e54c8f87

SHA512
21cd63c104cda4a6a09dc8746c47b8fad056ff85e590b76d08dd43317dff5bd87c4639dd44f0d7146ce17d766385c9351931ab9eddacc6dafd1070bc4fa197d9

Download Submit
\Users\Admin\AppData\Local\Temp\yb8018.tmp

Filesize
143.3MB

MD5
4d774fdc773c577517eb9c82ee0e824e

SHA1
d69787bfa964fb095b45eb090be7a0d1cb103a39

SHA256
1cf5a864c92b951981333bb67c0fdb200690baabfefd10579b0da3a0a60a7571

SHA512
78d3be8b0499e610b056f1f3ca6853aada622426781239a1a47a348cb26a3f895ba75e986378d1f795cf2083247570e374fcd36bd2a5f9a220866b51e81afee6

Download Submit
\Users\Admin\AppData\Local\Temp\yb8018.tmp

Filesize
143.3MB

MD5
4d774fdc773c577517eb9c82ee0e824e

SHA1
d69787bfa964fb095b45eb090be7a0d1cb103a39

SHA256
1cf5a864c92b951981333bb67c0fdb200690baabfefd10579b0da3a0a60a7571

SHA512
78d3be8b0499e610b056f1f3ca6853aada622426781239a1a47a348cb26a3f895ba75e986378d1f795cf2083247570e374fcd36bd2a5f9a220866b51e81afee6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads