c7f56528cdf9b0c9a1ca5f114c48c3e5066d5aec11f92b836c2eb25d79851246

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/08/2024, 08:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7f56528cdf9b0c9a1ca5f114c48c3e5066d5aec11f92b836c2eb25d79851246.exe
Size

10.9MB
MD5

8fdd67f6662ab6b494be94a7bd4b4125
SHA1

d1113fe106e5e1d380257beb4d32600b7b71d576
SHA256

c7f56528cdf9b0c9a1ca5f114c48c3e5066d5aec11f92b836c2eb25d79851246
SHA512

ec9f8711ac771ee83efd14d363b4e2d3ac0f1e56069b12d8c2280fd4f001c635e795e52d0cc2244a4f4286ce20f80056d6ac45deeb042155ded3a0a0c9494f62
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2628	c7f56528cdf9b0c9a1ca5f114c48c3e5066d5aec11f92b836c2eb25d79851246.exe
2628	c7f56528cdf9b0c9a1ca5f114c48c3e5066d5aec11f92b836c2eb25d79851246.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c7f56528cdf9b0c9a1ca5f114c48c3e5066d5aec11f92b836c2eb25d79851246.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2628	c7f56528cdf9b0c9a1ca5f114c48c3e5066d5aec11f92b836c2eb25d79851246.exe

C:\Users\Admin\AppData\Local\Temp\c7f56528cdf9b0c9a1ca5f114c48c3e5066d5aec11f92b836c2eb25d79851246.exe
"C:\Users\Admin\AppData\Local\Temp\c7f56528cdf9b0c9a1ca5f114c48c3e5066d5aec11f92b836c2eb25d79851246.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
a4a509dcd5dab315dcee89c16cf04e78

SHA1
e46042f762d20aa3ae7934b192c65745df3aa1e2

SHA256
91929e159cc15c3a160e224cd11bd7ca90d84e5407f61bf4e183d8010f6ef32f

SHA512
2963519d6e7d20c24daf5f0a0d620dc11cc4259b774ad833e0e8b4b4c8864c57fcfa0ee589d0cf4c809289e325aeee453199c19da29a4f38ab8915b836e0ddcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
2d863e7bbce472e0100c685aea3f15f4

SHA1
37afe71133df2fe1de32756e8ef9a91253b142c3

SHA256
3c40e123b7fb72bb7d0037e93ec43e3535a3a1f2f285b6156e4730316c4a7c2c

SHA512
99059ec67ef365592cd852486ef94f5e3bc6297425645e4910fffb1884ad919c70e054cdb68c43346e392458d36d0833330b8b289ecede315e0fefa770827872

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
1052e0eaff857f8d9a7efdf5eef85745

SHA1
baa9bd4dcd81641499ae14139ef7317bbf71700e

SHA256
64194e4fe7fb04265b96675295d055f5a88d0127517816962e5452a8a8faf442

SHA512
88119832ca4c2f7fade357ca97accb4f32e5540065c8e7bceaa021b05e068a33dcbd6dd531d6ff0d73f9f8ce827018c127687431aa76dbe4f4ffeb27be308830

Download Submit