e9ef7c1e9e792b01a7517cf4d2f2a96b6363c320fc401fd9838c095664790407

Analysis

max time kernel
120s
max time network
144s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-08-2024 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9ef7c1e9e792b01a7517cf4d2f2a96b6363c320fc401fd9838c095664790407.exe
Size

10.9MB
MD5

001b98b496a6010ac94f72b6799ecc68
SHA1

7461ac65768dd2801cb324764bfd75fdf4ff943d
SHA256

e9ef7c1e9e792b01a7517cf4d2f2a96b6363c320fc401fd9838c095664790407
SHA512

2c45bfbe38a70eca3dd1e9f653a160134d59c8484a844c84113a0844ef1136d7cffea8c141812b903fac67388badd31bbb3134153a7a3d038e097cd923b272f2
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2392	e9ef7c1e9e792b01a7517cf4d2f2a96b6363c320fc401fd9838c095664790407.exe
2392	e9ef7c1e9e792b01a7517cf4d2f2a96b6363c320fc401fd9838c095664790407.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e9ef7c1e9e792b01a7517cf4d2f2a96b6363c320fc401fd9838c095664790407.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2392	e9ef7c1e9e792b01a7517cf4d2f2a96b6363c320fc401fd9838c095664790407.exe

C:\Users\Admin\AppData\Local\Temp\e9ef7c1e9e792b01a7517cf4d2f2a96b6363c320fc401fd9838c095664790407.exe
"C:\Users\Admin\AppData\Local\Temp\e9ef7c1e9e792b01a7517cf4d2f2a96b6363c320fc401fd9838c095664790407.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
14a24e5fe09fc60b5e56d2f78bda52ca

SHA1
fa5737b8000d9dd16fefd8404999ff74ef6cf782

SHA256
6187e29685ba80923dc4a1017a70a073acec348d1efa0270f3588e079dc8a123

SHA512
5f2b03c31ec34c704232449dd37461b8825bd2559c2b63f1e455fdb25afea7a3a01790052c97f2e0252998f18fc6b9e89221059182efa47f1830feee8ef1d25c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
5a5ccac84283aa84a0fd393053a47824

SHA1
3e57776ecdcaf82c63a22c6f816ee9c4287c9910

SHA256
b3effe5d5af6419e6e09cf96b37becf3ad1061d4444c2af4bdae7d815d6dc012

SHA512
a261ceefae79e9edeaeb9b7489257a450a2e3c6f97182e87a4633ba8d2c01ddbe933beed1b016ef3a24df6876d23fb01db257aaa7fb34a302d3c0b13d670988d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
7211fce104db5327a2f3e9118ec87252

SHA1
c2b5c2fbe1f08ae0c7fa437c640aaf2c1ec195d3

SHA256
bfb8b024f624ffe4d772e3777ae531062a24ebc6d9a729ffaee287eefc36c2e7

SHA512
2d42fcb427572b9c19f6cceab6d7a8340f8e56159cfc6a39303f7927039770a149d308eafa8848b4abc584417393f3d672e69d748e2736ff36a8f71370394b1c

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
a4623d6170023ccf7b81aa13213a2bfc

SHA1
c6d6288c54820f2e3b4176f5831589865ca9ea3d

SHA256
4b7d4bf98b3404975024f88541b2e384e8950e414fbb955708c71429f46f004b

SHA512
2254ca0cdb4cb1dfc4e313f7e3bb833709342579fc45b1fc32ae371f6bed8399736128bdcee635e1aad95b54eb5fef29e12a400d7bed3f472082a5ac7aa14f71

Download Submit