d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d.exe
Size

2.3MB
MD5

8435ad96af0ee17f56852905c8900d62
SHA1

d54ef15f2dad874ff469587ec159457c0ba86048
SHA256

d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d
SHA512

c1789b8011b01fd87779d69c167c6933b46392bbe12b104bbb6b488bf5d73e05083a150a02920784654857344ede81e415c2e6a483608e623a4b24b43d605f46
SSDEEP

24576:4e61lYQzB+r1HLmOtL0vl8i/5xU4KN1Lxlw/im44Hi7ZCWlJwanJOOf5ImPfxwEE:olitAvvu1M/gmWlJw2lLm+r5u8QeL+

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

Processes:

d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d.exe

pid	process
3020	d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d.exe
3020	d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d.exe

pid process

3020 d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d.exe

pid process

3020 d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d.exe

C:\Users\Admin\AppData\Local\Temp\d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d.exe
"C:\Users\Admin\AppData\Local\Temp\d1dad29a2525b95ce94705869a60c039b5ae1d81c30c78905d8ee3b9e09d677d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
23f1634be8915c4071b9fb1cc67017a0

SHA1
0e71d81cbaeeb5566572b02326cdeac6aa2e9ab8

SHA256
d2abb2d3dc6acbed64d13a3725b18c99cf5638fbaded4f9fd87b401b1319c248

SHA512
fd7393c8611e03f4a6a2886f1305a082a37db42a8e1420c06f8949372998980b7b6d1b1936abf28e2fda8dfa3db1cb1e3bfcba060b66e30306471cbaef06acf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
d517807d64176cc872a7364ea39f1e6c

SHA1
5f6fca32fe23483796168792e451f40e79eb316d

SHA256
31e3eb99f6ae4ba02b8a79103cf724391f70a7c449a05f1fb507f53bc112dcb0

SHA512
2716646afd2860d01b3818ab3581b8594eb399cee14dba64f19e12908a40c96f7ec0ffb860fde0b4d345f2ec643d079307de765d0ef2d18cb2242e07b09a040e

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
c11a11da06dc813f2d92ad3043a0c127

SHA1
ec682739322c3a29598635f3dbff4aee0026b72f

SHA256
88833609b8f41fdf618fa326e0cd655b849263968eb59f100c1ac83d24ef46ef

SHA512
c1e8b24ece9b664b444f20d5889595a73d357e8d3078c367c9c724c46598053ea468036dd402ccf20a6d3f9dd3833b0603de6395839094fb6a70c217626151bc

Download Submit
\Users\Admin\AppData\Local\Temp\yb1999.tmp

Filesize
513KB

MD5
e6c282c09af916a9d07ac7798275aacb

SHA1
7c1ebc33d00a50566adcfd09b682f58a9d5c32be

SHA256
580061e659f683d98e8b2525a289c7f43543e3e900e9d2d83a205efe24181537

SHA512
9e3fa8f8f0e07fa0a2f049d72049787f89a1b7b8092a537025e14f46f569776d226dcdd6b5a875b7ecdd079ca4a2e73b4b670f674851fbe99820788fce5c0c13

Download Submit
\Users\Admin\AppData\Local\Temp\yb1999.tmp

Filesize
423KB

MD5
31992c1f1a520c75382cda0cf6e2502f

SHA1
96640f9d36e7fa59a0bd0253ccf666b5afc07be6

SHA256
68b6e5892d04ff8f209dbc8bd481c264a65a51de2413e223f909542750deb503

SHA512
85d36c489a97669121b6fffeb254b5eda08f95dff152f8a5110b422893fea60a6bc55869e1b283bf8450cf1a6e95635e1387a4fe6776d851533d3babc0f635d1

Download Submit