ca030f363aed370b7e5f5a3d63aa2efd4fb65801ef80f5da2ffbef1c045db6ae

Analysis

max time kernel
149s
max time network
181s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 23:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ca030f363aed370b7e5f5a3d63aa2efd4fb65801ef80f5da2ffbef1c045db6ae.exe
Size

4.8MB
MD5

4325be2fd72b3f14d52710e0b079823a
SHA1

912d55d821e3a0aa20c5a6be178f4a517abccd8c
SHA256

ca030f363aed370b7e5f5a3d63aa2efd4fb65801ef80f5da2ffbef1c045db6ae
SHA512

e0af45966ba4061f1ab4cba1ebf72d05bb5f7b38e616c79970f7f530c6ed582ec5e385c3bd8b9be416013bf85f7a88eae0bcba11d4c63cb0a9eca430d7de3a22
SSDEEP

98304:aCqihzkscrzxg2qnxIrp54ornnOKdzOJDb4v+c:RzxKrp2oTndwN0v+c

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2768	ca030f363aed370b7e5f5a3d63aa2efd4fb65801ef80f5da2ffbef1c045db6ae.exe
2768	ca030f363aed370b7e5f5a3d63aa2efd4fb65801ef80f5da2ffbef1c045db6ae.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2768	ca030f363aed370b7e5f5a3d63aa2efd4fb65801ef80f5da2ffbef1c045db6ae.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2768	ca030f363aed370b7e5f5a3d63aa2efd4fb65801ef80f5da2ffbef1c045db6ae.exe

C:\Users\Admin\AppData\Local\Temp\ca030f363aed370b7e5f5a3d63aa2efd4fb65801ef80f5da2ffbef1c045db6ae.exe
"C:\Users\Admin\AppData\Local\Temp\ca030f363aed370b7e5f5a3d63aa2efd4fb65801ef80f5da2ffbef1c045db6ae.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
282998d4a852864b9af3ca14ce8aa488

SHA1
e68f6183d223bd847663f75a0aeddf795dfb3c99

SHA256
850d762aca199c3d49b82508125967c65ea48b0e683f3f08232e91456295c473

SHA512
a4aead38b1e65a261fbae8c5edf11176fe7efc1dbfade658e2ff117e88ce1743c3306a5c78975a672fa32a7d9d97a165756f52158e5104904576d378542ab414

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
6519c24ca4a08e8455dbfa7a89d2a2b1

SHA1
8fb06e1a72c06a0ef0f2d1164e9d9a6cbe508ec8

SHA256
53c364cf4d849ab59ee12e12755749993452230ec8b57792c067e0f77673f8aa

SHA512
39a71556f111a4b61cf4c3334d248a949a3668998c67d3de347955f2dc97bbea32d4753d204e09b42bd30c351b5ca2a7b92808d631864c478f747ab908a5a6cb

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
593cf0c1c0dfb8cdfea04fa4bbc35372

SHA1
0b6345ab5456738d74c4349f89eb60618e22349b

SHA256
ba0fe8b6a3786e7811dd06f7cc6eb7e48c5a86864b9ad33a1b9cae4baa17dbe1

SHA512
979505ce8bbe1207f407acdc5386f249d367a699ddd005755909766a6fb6aaba0310b89588aea5a73144d517bc3a8ea69d61099f7e8c7c701978930c5dba8795

Download Submit
\Users\Admin\AppData\Local\Temp\ybFBA.tmp

Filesize
123.1MB

MD5
1aee3f98410fe8235522a2f28f507f76

SHA1
e0a88ac68cdd4f58cd1dba402e2e2f3a041bb317

SHA256
6ba57850c6b5e7d6b37e0a64b8f211b269e78cb65f904dbaad850f17f8b3a85d

SHA512
6a34fb2e88c7bcaea4f7cff17f47401696d8d1bf4b2c58f63c8c7165084fdb4aaff72a6eedd9b98c36756cc074053de8f964e5b736943a5de89c5318f8940b29

Download Submit
\Users\Admin\AppData\Local\Temp\ybFBA.tmp

Filesize
123.1MB

MD5
1aee3f98410fe8235522a2f28f507f76

SHA1
e0a88ac68cdd4f58cd1dba402e2e2f3a041bb317

SHA256
6ba57850c6b5e7d6b37e0a64b8f211b269e78cb65f904dbaad850f17f8b3a85d

SHA512
6a34fb2e88c7bcaea4f7cff17f47401696d8d1bf4b2c58f63c8c7165084fdb4aaff72a6eedd9b98c36756cc074053de8f964e5b736943a5de89c5318f8940b29

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads