e4026fe8b4be6f7f846cd59efc6ae1eb391c16aaca68dfe0ed79dad69b492723

Analysis

max time kernel
31s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4026fe8b4be6f7f846cd59efc6ae1eb391c16aaca68dfe0ed79dad69b492723.exe
Size

10.5MB
MD5

2619d93fc16ef009826258e0c93fd788
SHA1

7477e9f6d74a186ee1277763b45843ab335f1d32
SHA256

e4026fe8b4be6f7f846cd59efc6ae1eb391c16aaca68dfe0ed79dad69b492723
SHA512

50456dfafeb4b8eae683af9f3617b2954aaad880e6888de379f7271b2b4c7b2d4dd90af0689407cc95a87d3e861a6a90be2bfe9afa4b31d84d5f9241bb924482
SSDEEP

196608:CbGrIzeHISSJ7PbDdh0HtQba8z1sjzkAilU4I4:CKrUj5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2528	e4026fe8b4be6f7f846cd59efc6ae1eb391c16aaca68dfe0ed79dad69b492723.exe
2528	e4026fe8b4be6f7f846cd59efc6ae1eb391c16aaca68dfe0ed79dad69b492723.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e4026fe8b4be6f7f846cd59efc6ae1eb391c16aaca68dfe0ed79dad69b492723.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2528	e4026fe8b4be6f7f846cd59efc6ae1eb391c16aaca68dfe0ed79dad69b492723.exe

C:\Users\Admin\AppData\Local\Temp\e4026fe8b4be6f7f846cd59efc6ae1eb391c16aaca68dfe0ed79dad69b492723.exe
"C:\Users\Admin\AppData\Local\Temp\e4026fe8b4be6f7f846cd59efc6ae1eb391c16aaca68dfe0ed79dad69b492723.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
b0b7faa21d314a26197926aa1ab9d664

SHA1
19a3d95a6d473040c5accb21e9573432ef2941ae

SHA256
4ce6e76093fcc22c904f5a1ff9f590c86ed6a78051a115e63e17b07ace226d12

SHA512
0888e037e1d01684740ff38202fea062635a241d7349560d377fdde4f5fc614b84e4ac613752382f51054d1d505d2b0fc26b5ff17828b4432a106feb87206f05

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
707cb44623c6dd75e8847e53598ee45b

SHA1
8c714b45b4131a3414a8cdb7a8956c06c930ae2a

SHA256
920b29a98ce63512992a5a214f6bd0dc1ba403beb870431053a32131b6f11e55

SHA512
b9f690b8ee2927eec719fe9afd220c9511fba6a3c544a48c6a3f8de2f0270fd759e55639deb75f235bcf2970a886a44e0ce8c4346c95f8ca35192d9e9c0552d4

Download Submit