Overview

overview

8

Static

static

3

13da490df3...a6.exe

windows7-x64

8

13da490df3...a6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    29-08-2023 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    13da490df323901282b95fea1283b4d7d54bcf9f12d137046b8493d0a1839fa6.exe

  • Size

    4.5MB

  • MD5

    f7ea1971298e33320403978a65934d72

  • SHA1

    d5462a32c6fcf3ec17fbbeb3c9e83e3cf702d469

  • SHA256

    13da490df323901282b95fea1283b4d7d54bcf9f12d137046b8493d0a1839fa6

  • SHA512

    97f5db1077858c679dfb5e2badcf02c1341dba35773d10cee72f541cf84b2c132df31c024e180c7c7b20587be8540e286d3b47a40322070c5f10779617174fcd

  • SSDEEP

    98304:B9xEpja9gwFK2JcwtTwPAHqx+gKdzOJDb4v+:6p3tawN0v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\13da490df323901282b95fea1283b4d7d54bcf9f12d137046b8493d0a1839fa6.exe
    "C:\Users\Admin\AppData\Local\Temp\13da490df323901282b95fea1283b4d7d54bcf9f12d137046b8493d0a1839fa6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    1KB

    MD5

    96d86b03ad21f73636800718a3527b5f

    SHA1

    16b634bb89c71d4f47bc4a545a5f0850649f4929

    SHA256

    f1a04058c149e0ec5f56cfb7cf8627c4dbdc068440c9f031338cc5a629d75bc3

    SHA512

    9efffacfa0832371832d91c2685a001869fb400b0ea267d1c755473136bb8f1ec1ced7630721c4604edabe83d168f38091c58deae21751fc50dacf53599683a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    8KB

    MD5

    358a3f8486bc3e18dbc8560d5420a00b

    SHA1

    de3727b4f6ae041288281fc92fefefd8ad69cac1

    SHA256

    7c461568ec5dce1ac0980c4f34001a743b2e22b6a5f37111444473e12a7544d5

    SHA512

    8a5dfb1e48e6573fa72b571d613c76269cdd001c9c26a3ec4c058bd27c87f3772d821940537cb73cea35c8313270e04c17dbf891dd01aa21970588daa8e1a1b7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Yandex\ui
    Filesize

    38B

    MD5

    7b61cc3528c923c2b837fdb32188f36c

    SHA1

    2071821415cbc540aa60d2a16c9208555ef87ee5

    SHA256

    8d29977a95474504dcbfd17404d4060ddfc1d777e9f164b7ae28bdee8f62c875

    SHA512

    5d0e54981d1d92521ef01fabbc64c8d3e4a9114085f1e35c80df50e3e026452b80f4868bef3130f76634435ccb084ba957ca813f769886f29014fb9eaf6ee8fc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb705F.tmp
    Filesize

    129.0MB

    MD5

    db579794312316aa1138d010287a5dd2

    SHA1

    29aa232b671ea24c281ae1e8e3f4e7620f7c2a22

    SHA256

    e5104fa04845b01df203c4fd295a2183cce1f688154ef23ed73fd7b000edcfb3

    SHA512

    d67ae84449d74b5d2426943c4debd381bbb9234f7854b55d64f05472f8de5f7933bece0084bad92ef700d87b902670d5794fcec697135b6d5c22604e6a8e687b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb705F.tmp
    Filesize

    129.0MB

    MD5

    db579794312316aa1138d010287a5dd2

    SHA1

    29aa232b671ea24c281ae1e8e3f4e7620f7c2a22

    SHA256

    e5104fa04845b01df203c4fd295a2183cce1f688154ef23ed73fd7b000edcfb3

    SHA512

    d67ae84449d74b5d2426943c4debd381bbb9234f7854b55d64f05472f8de5f7933bece0084bad92ef700d87b902670d5794fcec697135b6d5c22604e6a8e687b

    Download Submit