061e1aa5bb03cad83c982cb32861fc8e4add78b2bcf6e0a0d016077c723f94c9

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
21/11/2023, 17:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

061e1aa5bb03cad83c982cb32861fc8e4add78b2bcf6e0a0d016077c723f94c9.exe
Size

4.7MB
MD5

b598d7baee4a42fe5ba97e3ebeaeaf42
SHA1

398daaf0d9b75d761606653844bedacc532f17e8
SHA256

061e1aa5bb03cad83c982cb32861fc8e4add78b2bcf6e0a0d016077c723f94c9
SHA512

adb40dc894f160dc59de4f2755422f7837a98f906319d4dd6803295cf1bc2694bff968f08ee6c88df905bc548c2729d203d5741941f4fbf29bc14f881ed158ad
SSDEEP

98304:Q2XeHdZChmK2dCzyicP21FqKdzOJDb4v+A:EdZ0+ilpwN0v+A

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2888	061e1aa5bb03cad83c982cb32861fc8e4add78b2bcf6e0a0d016077c723f94c9.exe
2888	061e1aa5bb03cad83c982cb32861fc8e4add78b2bcf6e0a0d016077c723f94c9.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2888	061e1aa5bb03cad83c982cb32861fc8e4add78b2bcf6e0a0d016077c723f94c9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2888	061e1aa5bb03cad83c982cb32861fc8e4add78b2bcf6e0a0d016077c723f94c9.exe

C:\Users\Admin\AppData\Local\Temp\061e1aa5bb03cad83c982cb32861fc8e4add78b2bcf6e0a0d016077c723f94c9.exe
"C:\Users\Admin\AppData\Local\Temp\061e1aa5bb03cad83c982cb32861fc8e4add78b2bcf6e0a0d016077c723f94c9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
1494754ccf38f14ebec1cc11a3755f8f

SHA1
3e19808864a43d923581d90f6367c191e3b7e8e8

SHA256
897f3db83f4f3d6df3afa47fa8abc3743831bc253f750cc1e1a467fd4e34a2b2

SHA512
7af5fd1af90035f5b5f6e7f714ab075ff7da211dee768d7d2121d64e6d17d16d508d0f9cc9f31b190adff2dc8d122338c958f706ea6c599eb1113bdcb1d80c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
8d44fd4287ab6827bcc8793c80deda34

SHA1
84cec8a2cce44ea37705c5aef79cd1df25d4e030

SHA256
c8c6a1967fe5d888150d21a158f2f63b9d180182841e9b7d9afc8a9817b48435

SHA512
60bedfafdaad551319edbb1470f646c64ef53000c69be9919c019f21f4ad7886c44cc6b84b70c36840cd74a8a1479091008757b21654cdb542c1b24d2e44b1e3

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
10ef76ddfe1f8c47d6e9f1c171ed8b41

SHA1
588878650623eec5648112f0a401757598c9f4bc

SHA256
527b50c5ad3ecc46ae8f915da84605c3e49b2bfd1c9f9ee91cd513555ab806f2

SHA512
33c45aff37195c2f06432ba29974eba4b0a2b4cfd114408ccb58ada47303c1be42056b6d96900feea82b5198dd9ed1183e7df241c20620955f1c304b1c9f3b18

Download Submit
\Users\Admin\AppData\Local\Temp\yb7DD7.tmp

Filesize
146.2MB

MD5
06414b7efabecbf8425122e533dd92af

SHA1
a55f55007c8836a67b3ad998b01b9611241233d0

SHA256
d6d7cd9c756f76b51e6f1eaac3a566e37d05d91370f8c0978a381dd3ecee820c

SHA512
1f4ae28121d7294a2b504a0e8166a0f0a56caacad51de47d0c54e2fb71a082c2c35a43161f90579307d17e6b0431a7268717ccbc2fcfe9c9c6d7bd793b2f70a8

Download Submit
\Users\Admin\AppData\Local\Temp\yb7DD7.tmp

Filesize
146.2MB

MD5
06414b7efabecbf8425122e533dd92af

SHA1
a55f55007c8836a67b3ad998b01b9611241233d0

SHA256
d6d7cd9c756f76b51e6f1eaac3a566e37d05d91370f8c0978a381dd3ecee820c

SHA512
1f4ae28121d7294a2b504a0e8166a0f0a56caacad51de47d0c54e2fb71a082c2c35a43161f90579307d17e6b0431a7268717ccbc2fcfe9c9c6d7bd793b2f70a8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads