e2ff3cb7d8effd16b6eec9017c75225e62628d4a298d908ea5d5e88b321f3d33

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
27/11/2023, 16:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e2ff3cb7d8effd16b6eec9017c75225e62628d4a298d908ea5d5e88b321f3d33.exe
Size

4.9MB
MD5

dfe3348ce556b46e6dbdb59f42ef4af8
SHA1

ca83a252ecfa693c421f2fe49bf555c25ebba24d
SHA256

e2ff3cb7d8effd16b6eec9017c75225e62628d4a298d908ea5d5e88b321f3d33
SHA512

68a7da802ca8d51b9511d8570aed68337e1d7f239b3f1d14b2e9c2a9ccd4858ffb867b72514217c225d478b5bd64daf77f226d397afcc7b0cc4ed3e54cbf9389
SSDEEP

98304:4hQI4CudV8s3MJ279sA40aBKdzOJDb4v+:7bM2p+nswN0v+

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
3044	e2ff3cb7d8effd16b6eec9017c75225e62628d4a298d908ea5d5e88b321f3d33.exe
3044	e2ff3cb7d8effd16b6eec9017c75225e62628d4a298d908ea5d5e88b321f3d33.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3044	e2ff3cb7d8effd16b6eec9017c75225e62628d4a298d908ea5d5e88b321f3d33.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3044	e2ff3cb7d8effd16b6eec9017c75225e62628d4a298d908ea5d5e88b321f3d33.exe

C:\Users\Admin\AppData\Local\Temp\e2ff3cb7d8effd16b6eec9017c75225e62628d4a298d908ea5d5e88b321f3d33.exe
"C:\Users\Admin\AppData\Local\Temp\e2ff3cb7d8effd16b6eec9017c75225e62628d4a298d908ea5d5e88b321f3d33.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab3CD3.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
2c2d368053db9d8c27d4b73f4320e60a

SHA1
fa5eb8b8a50535006ffa952f46a89e289e64739b

SHA256
6c1a93e96be9e0a68b198118530a2804eb607df9a0539eaa44345ee7db28b231

SHA512
7f092e9dcf8361adb4647770703d3f66d9c18ce273a28e2cab6f06597103b81ed0bfb3fe103ca2c41d18979bb53e13b80079cf617c38e5aa0df86c3d8704073d

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2428886f06f51b0533ac56246fe2bb14

SHA1
b156f3b2c10c161ef24802b9a87a85ad86fc958d

SHA256
f263a682079739c2e3416675aa9752937454f2588ae00992f93907826aae2094

SHA512
bba8ac583f7f1f30fefc056b0644cefdf9a3f635391cefb031db77a9821d8ab7ee37570def5cda4330cdaf0e8cbaeacba0a8b3e0b5d5ce79fb859f00f870d586

Download Submit
\Users\Admin\AppData\Local\Temp\yb38CC.tmp

Filesize
134.6MB

MD5
d2fab09bcdd98afd12b47f065f3d78a8

SHA1
12e9fc7c0ca542b4678c5ecbfa2ec4339fe28db3

SHA256
35bb254b98f429d130cc626ae118309a1f142b5256117fa0be819d51913c266d

SHA512
babf88df838a0957426a322d995b0824125a06934f85daf0b6f88d6c2a3657847bc4b54c2290575e68da2f57367c49a7bdd0157354b999d28e3a5a563f4c349e

Download Submit
\Users\Admin\AppData\Local\Temp\yb38CC.tmp

Filesize
134.6MB

MD5
d2fab09bcdd98afd12b47f065f3d78a8

SHA1
12e9fc7c0ca542b4678c5ecbfa2ec4339fe28db3

SHA256
35bb254b98f429d130cc626ae118309a1f142b5256117fa0be819d51913c266d

SHA512
babf88df838a0957426a322d995b0824125a06934f85daf0b6f88d6c2a3657847bc4b54c2290575e68da2f57367c49a7bdd0157354b999d28e3a5a563f4c349e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads