Analysis Overview
SHA256
244db1b8b957b1c25b175e241544928c374f155bc41b5b7bdb5f0c44731f4986
Threat Level: Likely malicious
The file 244db1b8b957b1c25b175e241544928c374f155bc41b5b7bdb5f0c44731f4986 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 20:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 20:36
Reported
2024-06-13 20:38
Platform
win7-20240611-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
Downloads MZ/PE file
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\244db1b8b957b1c25b175e241544928c374f155bc41b5b7bdb5f0c44731f4986.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\244db1b8b957b1c25b175e241544928c374f155bc41b5b7bdb5f0c44731f4986.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\244db1b8b957b1c25b175e241544928c374f155bc41b5b7bdb5f0c44731f4986.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\244db1b8b957b1c25b175e241544928c374f155bc41b5b7bdb5f0c44731f4986.exe
"C:\Users\Admin\AppData\Local\Temp\244db1b8b957b1c25b175e241544928c374f155bc41b5b7bdb5f0c44731f4986.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 5.45.205.243:443 | download.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | cachev2-kiv03.cdn.yandex.net | udp |
| RU | 5.45.192.185:443 | cachev2-kiv03.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | abf6d9d84501bce03b2e4be1dd229d04 |
| SHA1 | c528570058ac76d7eca72f0a0787af6d78c9b5fd |
| SHA256 | f45f86723ce37948e335838280321cc8a0104fe4d7bd5b4a66d3c2c016bde434 |
| SHA512 | 562b13b43a73c7d00ebf1c4a869ba6fdb0a94f2ea25b68b496819e11e64c870514b0d8de61f35962d6ca5d9574bf69479a5e0ee574a92064c7ca8f86335d2802 |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| MD5 | b18259e4b55a2470babd7080c0a35c9d |
| SHA1 | 5a7a0d5648145c72791c2f071a36dad2d7b71358 |
| SHA256 | 44913a2a71a2d0e4cec2bfe562813d51e580e6013c69cc1c838e2d40ba1667e6 |
| SHA512 | d643ccb4da09577e58f3ef8057a8dedb7e13d90a4d4cc6c6b7718dbf517c78c94853f1edfdc9cca8a471d52c0685acd8d84a3fa78c8228d079a6f1284a2c6e23 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 20:36
Reported
2024-06-13 20:38
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\244db1b8b957b1c25b175e241544928c374f155bc41b5b7bdb5f0c44731f4986.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\244db1b8b957b1c25b175e241544928c374f155bc41b5b7bdb5f0c44731f4986.exe
"C:\Users\Admin\AppData\Local\Temp\244db1b8b957b1c25b175e241544928c374f155bc41b5b7bdb5f0c44731f4986.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 23.53.113.159:80 | | tcp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | storage.ape.yandex.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | 24affef186b18d8f2dc1d499924e7bfd |
| SHA1 | 7067484db3f7f4bad4957f1d476f757e3293188d |
| SHA256 | 7db40ab3fefac69f1eefeb4ed30970b9e2a2132531fcbb4b03d9f14da6dcf988 |
| SHA512 | 7854bce03d10e7d2b6a862ec55abba10f06d2218d2dce5058d591acffc1acc1d10439b4deca04596fa6d18e9dbab851301f3e623fe0a5b026aca1c9dabadcfe5 |
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | f3a4d65d7f7e0b898befc947d6e54026 |
| SHA1 | 6dfaa1a6f60a1e53e5cbbe62e8d27331391bf0cb |
| SHA256 | b94e31cc1257a518bb3e6114772cfce5ab056df357c5bdc7a78e283445c5f34b |
| SHA512 | 0190c331659f66acfdd3cce3f4708c9f1ef658f1a71cf5b8f91c3cfa75cee5537f5d4d3adfb92e4352d79644e9789740491cfe5606b2b23f8fd037f640cde41e |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| MD5 | 4eb7e2dbb3b04026d9477c1f520bb98c |
| SHA1 | daf279bda5b7ff89dc46f0131c0fb73138de91df |
| SHA256 | 48889f7c8cc01c75021b5c3f5dfcda28b197c0fe7f78cc8a0020071c3d5b15d7 |
| SHA512 | a29354b1c5e050bdff894de1db1958f226bde2930876dd5d175ab0417dbf1b6c89ddf753696c20e41d1aa9cd5b98273b5ccca692e22bdfc0d61bf61c5f3f7123 |