Overview

overview

8

Static

static

3

298caa6cc5...bf.exe

windows7-x64

8

298caa6cc5...bf.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    07/10/2023, 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    298caa6cc5155562db42eaa0e37ac934eae6f6470646f26b19c1c62a93b546bf.exe

  • Size

    4.1MB

  • MD5

    e3026c24d65fef6463e369b0b8ddd981

  • SHA1

    ae4309bb7d2c4dfc141a3133251bd1dbad47e1cc

  • SHA256

    298caa6cc5155562db42eaa0e37ac934eae6f6470646f26b19c1c62a93b546bf

  • SHA512

    ca313b0f7214c13dad50ff8e8d403f3d356819ef9f2bb11f297ad4ab58ee7f1ab8ce8eea01516e0ad389e87d798579bd34e1425c9d32fd44d9ea913b2d9d2ad8

  • SSDEEP

    49152:nJG1P05g+Wzi3n0txCvRV1Y+r5u8QeKxFOJxdb4vZKV:JG1c5g+Wm3n0t2KdzOJDb4v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\298caa6cc5155562db42eaa0e37ac934eae6f6470646f26b19c1c62a93b546bf.exe
    "C:\Users\Admin\AppData\Local\Temp\298caa6cc5155562db42eaa0e37ac934eae6f6470646f26b19c1c62a93b546bf.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    5KB

    MD5

    7d1399e4a20dba525c6c658e20b67c6b

    SHA1

    7d0ac42c15dfb4043c29df7248df24de30bad9e9

    SHA256

    5b681c2e351ecc6910f084d97bd4f0cb5a7cea1bab1748a022653a08b35322c3

    SHA512

    7ea18e8c16f09358efbb0ae2429aed132c7f6d304c870c1ddbf858c2aaab2bd8ebe6ce3ae6416b8d0a6408c71080b5501aaa5d4818e637001a6518422038a7db

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Yandex\ui
    Filesize

    38B

    MD5

    f22042d2870d205556ce7e0af76852d7

    SHA1

    5bc247f03c28e37e02e8e5014af1e25a030a7625

    SHA256

    2b1af461126c2f5f81c746275c47fbac32dad7c231d0b1ead2b173928515825b

    SHA512

    1c6376781e64419fbc867a29dd19d332dfce70cd605dc95ef0589d80e238550b3bab2481c9a42b078cb0e3bd4d6d7fe3e746fe55257c21c96ed55a26c316f5bd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb455A.tmp
    Filesize

    140.4MB

    MD5

    4cb143fdad968165c2dbe48ba8950bb1

    SHA1

    cb0faa0650fba759a596663382cc6692dd8a727a

    SHA256

    4daab0bcf0af280b939c6b52df6d7b98bdad5d062b65fc4318e44f948f43103c

    SHA512

    a6613467737f9ad3a554a97e71053451eac5ba966550708b77b4b1ae1a0c1aab1845ff94563701a1ff1cad27cfef59d8f733838871d139c4599ae72a104ea821

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb455A.tmp
    Filesize

    140.4MB

    MD5

    4cb143fdad968165c2dbe48ba8950bb1

    SHA1

    cb0faa0650fba759a596663382cc6692dd8a727a

    SHA256

    4daab0bcf0af280b939c6b52df6d7b98bdad5d062b65fc4318e44f948f43103c

    SHA512

    a6613467737f9ad3a554a97e71053451eac5ba966550708b77b4b1ae1a0c1aab1845ff94563701a1ff1cad27cfef59d8f733838871d139c4599ae72a104ea821

    Download Submit