Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231025-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/11/2023, 12:06

General

  • Target

    9b9da8ee43b6b164866270c850f18afc5cfa088357bcf502a8809714c5b48de9.exe

  • Size

    4.9MB

  • MD5

    befcff42768f2f31416bb0854ff043a7

  • SHA1

    18b42d5c3349064e8bb265aad8e6e85c204b9700

  • SHA256

    9b9da8ee43b6b164866270c850f18afc5cfa088357bcf502a8809714c5b48de9

  • SHA512

    e7e88ba48edf59ac51fd7138cbd6c33c964760873de83d011537883746a231e4075b99ea47a2803a1dba9653241d70e0f8793c7612e392b4868356ae71f2db36

  • SSDEEP

    49152:tHhWJb8R2TOaCZgdVDgCes3jII0Ee9Uc1c70oPBkgoY+r5u8QeKxFOJxdb4vZKV:RhQI4CudV8s3MKI2tkVKdzOJDb4v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b9da8ee43b6b164866270c850f18afc5cfa088357bcf502a8809714c5b48de9.exe
    "C:\Users\Admin\AppData\Local\Temp\9b9da8ee43b6b164866270c850f18afc5cfa088357bcf502a8809714c5b48de9.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1756

Network

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log

    Filesize

    4KB

    MD5

    96eafe8f7577cb1002282a86eb8c0ff9

    SHA1

    1d35197eb629e3df8e33b7a497dd6c0474a1aa2a

    SHA256

    e05687c9065251de65516665f99f21e473c3dd58646d906fec40d7790a68a1b2

    SHA512

    f931c8b505b80abcfb681de0cf12095e914e9d4ccc7465ff13d5f863167f7f82a04a72f503bde38ce9c7326ab03c1a35cd616eb843a6bd195c300f8ca2fc929f

  • C:\Users\Admin\AppData\Roaming\Yandex\ui

    Filesize

    38B

    MD5

    9aa2411aabbf8ecc55b53caa66fbea2e

    SHA1

    463e979cad71cdfd8a62a0c9bedb3588d4cfdde3

    SHA256

    75c532a88f870906ce08a1bd460b549dddda12480bb7e6055ce775620be9a6ee

    SHA512

    21a84eda6b2cd6fba72a4fb0e1122402a773d49cf34873fb404301c015f0d4692270f36d8c2bebd3dd7fecb16ae1151e8701747f3d6e604c125b0da1ac1c2d33

  • \Users\Admin\AppData\Local\Temp\yb3295.tmp

    Filesize

    140.7MB

    MD5

    3a6bbe19af05b72490b5410934777d66

    SHA1

    60abab13ccdc4595361c038524e0e930215bb09f

    SHA256

    2aca750337db0a3b960ba71080a4c2565cb09dbf739d358ca06982f50ff28a3f

    SHA512

    754e741e18772358a76bcdf54065f45ff33f49c9499ab9e8c7796362cd60c3a2db589b8477b7c105e64f8d9fdfc44eed4dc1112ec7c5f92a79f8d0c40bd64b94