Overview

overview

8

Static

static

3

b256e89aeb...f0.exe

windows7-x64

8

b256e89aeb...f0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    05-11-2023 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b256e89aebb3e0294fa78fa8b4823511d2bb25e9ff45075d89dd6d3d54fa2af0.exe

  • Size

    4.9MB

  • MD5

    044ea720f2155507eefaae24680d8260

  • SHA1

    0d74a94eb5701f9e2e684fb78a072f0fa616209e

  • SHA256

    b256e89aebb3e0294fa78fa8b4823511d2bb25e9ff45075d89dd6d3d54fa2af0

  • SHA512

    fcfbae509eba74222491430a45b2c2552cc6a6e16ebac1ea0cd6490b23e77aebf6e90c57caf1c7d9e0a562dde4c85281375f27746a307d562599ca656f6017d8

  • SSDEEP

    98304:nrS2H6ei5ncznNN2co86WDASKdzOJDb4v+:WYzX2c6WDawN0v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b256e89aebb3e0294fa78fa8b4823511d2bb25e9ff45075d89dd6d3d54fa2af0.exe
    "C:\Users\Admin\AppData\Local\Temp\b256e89aebb3e0294fa78fa8b4823511d2bb25e9ff45075d89dd6d3d54fa2af0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    2KB

    MD5

    35a46094f1c2bd835cd37105d0444d7c

    SHA1

    0f1e0e2d9267093b68c95521aca9cc78de226856

    SHA256

    66ab11c300408a42effc9d2c832188dc627003d056bdcd156d7648d92c2d7791

    SHA512

    11f65614aec2caa2e8682ba4ce1af6885a17e367e14137a090a71a9b941c2086db2ccd5b5ba2d91e3e5eb1e2615f7d3b3b09536237a1552364ea8e0c2ee290a7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    7KB

    MD5

    0b15bba813c6ebecf34c49a857ee4852

    SHA1

    9478596836e4b65b57afd9f2df3fd9b499526126

    SHA256

    567a3a07963e623eb776f7d618207c4dc38e29a25f73f3438aa6bd8eeca16e9c

    SHA512

    406e27747367e4f05cb17f81742ca1fc011f689b166c95fdc003b0d60bfe6101976cc190af454488e8179ab6afda70755fa23938f86694af46145192a7113800

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Yandex\ui
    Filesize

    38B

    MD5

    2e17d8347978f36d7879665dbeeebff1

    SHA1

    fa7f52064d66007aece5c195535e2a8f11eee54c

    SHA256

    169975d1902de7bc8a96720d4f1b3ce115f03b37eb61b445f4ed222faab7d61e

    SHA512

    1a258f5cee621b7c17c812a52075b95f28c39f36e5588198a2cc639888d53fc0eb808b721f99910125ee051e0c6b2273f8eb4966b23fb33d723050c82b2f8f14

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb4940.tmp
    Filesize

    140.7MB

    MD5

    8c64c4d22282f23112d1cd6665ddd291

    SHA1

    d5a4ca6f0261ae2c7d0c882e952d3aab6de93894

    SHA256

    56252150c84539780d8c3c34e9f840c8cd2eecc4e701e7d7536b9a7bb68d8c49

    SHA512

    1c39f382770d76edc30ef1202ad40db1cffc892d0e993ef4ffffb1d924e111f812b47d4ba767e136a48be4309bc2048c21fdb620876ba35e2447601fc46c3ab0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb4940.tmp
    Filesize

    140.7MB

    MD5

    8c64c4d22282f23112d1cd6665ddd291

    SHA1

    d5a4ca6f0261ae2c7d0c882e952d3aab6de93894

    SHA256

    56252150c84539780d8c3c34e9f840c8cd2eecc4e701e7d7536b9a7bb68d8c49

    SHA512

    1c39f382770d76edc30ef1202ad40db1cffc892d0e993ef4ffffb1d924e111f812b47d4ba767e136a48be4309bc2048c21fdb620876ba35e2447601fc46c3ab0

    Download Submit