b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7

Analysis

max time kernel
127s
max time network
142s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/08/2024, 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe
Size

10.9MB
MD5

c221ae409492c2dfaa7c19536a62056a
SHA1

b35268b0ff0911442f43e1c7ab7b5666fa19c520
SHA256

b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7
SHA512

8df588e8d9f40b1b52f35ea1265e722594537309f8cdb48d388783797ff16a6e3c81761e49f1beb72e1e7a02012d187d8808ed1bd6cdbee6f073398cd6345a0b
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2412	b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe
2412	b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2412	b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe

C:\Users\Admin\AppData\Local\Temp\b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe
"C:\Users\Admin\AppData\Local\Temp\b0ea46e89de883fbb6451132a0c61d67be4a414557dc098b822083158e3b52b7.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
e8138b242065f0b9b556c89f038754f0

SHA1
98c19be905f8c858434d3e6052713cec22ab278b

SHA256
d9dfed889773223a449eb93c690ba2ab932e3df94533e442cccef2005d174ed5

SHA512
0da7df242d00b8785a90411486e83a7f8314efb61b5f9d36c19832721f76678e3b0bcf886062675751748587742e09b0360043f3977db0cbf5fe34ea23256ced

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
e7be14cc56cfe2edc8b850cf680418e8

SHA1
4832a994ebc3eac6567026797af7703609a0cfd3

SHA256
93337a644fa608db51c6183ce80ef4b835d45d757fd3efac8cb76bbc1af69da7

SHA512
dc1e09b03e4cdc2bc62cd41d2ba0d6886640ca6f50924459480ee29188d2ae89b9c2f2a35180a1b272e14fa46bee8665b98d6007efc99e01c0ef43700005824e

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
0073650e3e58ca8048cdaf8c1a776700

SHA1
2e1d0974d22652e8b5f76b7a961c6d767458d8ce

SHA256
4e1c263fca262f2d53706cdaa3a4df87f780021b702056d7fbfa3f8e0fcf27c4

SHA512
452162aad21ea524252a3ca51cf3993cf4cfe4fec988833b3fb5dac36d83e5b4ec3220939e8269ca93e71dc0109373af394c7c427733c250a8e0c8e36f53a6c1

Download Submit