443125b20e2d42176c584d122900af081308a4d4b1873026a4f9831fefced2a5

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 19:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

443125b20e2d42176c584d122900af081308a4d4b1873026a4f9831fefced2a5.exe
Size

10.9MB
MD5

283332ea7e9103a0fd496efd5beb8191
SHA1

363ffe09a2eb6968946b753ed70b9ee435c6543c
SHA256

443125b20e2d42176c584d122900af081308a4d4b1873026a4f9831fefced2a5
SHA512

ed01fa42f522789269807f809a628866c5c81cd7919dbcee146ce132e9cc168dc725a707b1119a173fe6acd4aeba12a9fd95498c32e05dd6ac59e621da24a49c
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2968	443125b20e2d42176c584d122900af081308a4d4b1873026a4f9831fefced2a5.exe
2968	443125b20e2d42176c584d122900af081308a4d4b1873026a4f9831fefced2a5.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	443125b20e2d42176c584d122900af081308a4d4b1873026a4f9831fefced2a5.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2968	443125b20e2d42176c584d122900af081308a4d4b1873026a4f9831fefced2a5.exe

C:\Users\Admin\AppData\Local\Temp\443125b20e2d42176c584d122900af081308a4d4b1873026a4f9831fefced2a5.exe
"C:\Users\Admin\AppData\Local\Temp\443125b20e2d42176c584d122900af081308a4d4b1873026a4f9831fefced2a5.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
11a2b61a9346ba7585632ada2368785f

SHA1
9f0249cc1e6b16e1a5e0ca0bafe61947c10f7e71

SHA256
dda7661d4eb90daf04143c687fa32800a78cbe68c806106c804c7c2a10b01e45

SHA512
815ecbb82c20ccab64736bfa7af255ba345dee8026c792a550af4ffe1306605be309b51d992056f17a6632df06c2b53f67550150b4d344eea25699b06473d192

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
13e1af7cc61b0b72465d482867fdfe87

SHA1
85c1478f075e35017e4882462f1d116825600936

SHA256
e700cd0d74545a8d2342ced71dddec57b1e50b7236cd37351c825757aa8f7edd

SHA512
b133df4a38686976bd942dc6a9dda7b002a54b06d4233eedd3467df9d659b382e19e1386431c73f223c36f87985e487ba235b82043a61175c5a912bc5d8e51ce

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
c80783efef11528d9e794292e5518928

SHA1
73b718d0352db86e7f2d20eb411543d5db709bf8

SHA256
1b2dab996af1efa820d79766f66bc1347d72137120ab72bd3c5168a1e38b83a7

SHA512
fbd476ca0ddef7e7fd5add42535b6a302282ddfcdda5df0a0a46c57ba80fa91bf73fba25d3a4888b1a43aa2f7e8ebcdff4a486657e02feebf2027a92c53f528a

Download Submit