c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-08-2024 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe
Size

10.9MB
MD5

ce2ffc5cd1537f6e70abe24c46be5b8e
SHA1

c8c35c325cc26243bfe5348ab3ac4c5deba15568
SHA256

c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea
SHA512

41df386d0cb7b34b16194e86f06dbee5ed722528aec74932a63d9f85a856a99295e3b6fef94304ec32c09325f1f01a91ed331fbe8e685f8a3c824509efaef505
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2220	c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe
2220	c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2220	c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe

C:\Users\Admin\AppData\Local\Temp\c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe
"C:\Users\Admin\AppData\Local\Temp\c315044ef02d1922b93f50a097c97d6f4d8f91f62f12e9d0fe81d5c6f5b4a7ea.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
9e1499769b2533acfe07e472c3e97631

SHA1
d709d78abf9d535a81b08afcfea8aea09f74fd4a

SHA256
4971f21b4d82fdfa049b387de097ff097de4c9e960fe00a14b9e6ca78e9eaa52

SHA512
fb068526bf52718b3d5fb04eaeab463719fdc869e35ff993669df5e9e64e847599aae3afd82d49191a4892cc2d9314ba30804c853f2f71309da481c22e51db5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
12KB

MD5
f693418299fc8e5ad6cf17075be95164

SHA1
ed0bd1f1c479ff63cdb7b7e7e5d9f43fbc45b035

SHA256
7713f6b24ca6f86f7eed39cae2d475e9cd836231eecb5a4ffc0cbfa76615b093

SHA512
eee9111a485fc8a2d3048d92803b8121b258d511119a44f7e66d67035846e4a96db981ee7ae4f840f9fb40a927d898f830529312a8f6af61ae5be75ab3737726

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
5c2a5fdbf9471a81c4092cbcb25c986f

SHA1
55e5a0d886cfa1c87d4bbe807704e3044a18a8d6

SHA256
70147088f0269dfb4eceab3143853a41637a471493b18bd47c0e4f163b4ac254

SHA512
005743c0f1d8a7eeb41c95d783b93b3125d16f2203cf4cb9e976874ebcd4d4ba34c141f5965e699ceb1a257f947601d0fd8181647cee44c150cb73806926624c

Download Submit