7495e33ff067ac77c4413931e0be35f042601b1eb4d356bdaeabf0d8127c6d14

Analysis

max time kernel
130s
max time network
139s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7495e33ff067ac77c4413931e0be35f042601b1eb4d356bdaeabf0d8127c6d14.exe
Size

10.9MB
MD5

2c2ca4140084b38764b549a69edcadd6
SHA1

c3123689d3796f55a3894aa98c8113305506d81d
SHA256

7495e33ff067ac77c4413931e0be35f042601b1eb4d356bdaeabf0d8127c6d14
SHA512

fe4ca4a4719c3a36490c724704b58ac6fc4fe3f64fbb9ec48d09f280297fab6617eeda730422438fc942c3682053851a3da20d29f46381328a570a6ded44d403
SSDEEP

196608:ubGnWW5WySSJ7PbDdh0HtQba8z1sjzkAilU4I4:uKnW6Wy5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2584	7495e33ff067ac77c4413931e0be35f042601b1eb4d356bdaeabf0d8127c6d14.exe
2584	7495e33ff067ac77c4413931e0be35f042601b1eb4d356bdaeabf0d8127c6d14.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7495e33ff067ac77c4413931e0be35f042601b1eb4d356bdaeabf0d8127c6d14.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2584	7495e33ff067ac77c4413931e0be35f042601b1eb4d356bdaeabf0d8127c6d14.exe

C:\Users\Admin\AppData\Local\Temp\7495e33ff067ac77c4413931e0be35f042601b1eb4d356bdaeabf0d8127c6d14.exe
"C:\Users\Admin\AppData\Local\Temp\7495e33ff067ac77c4413931e0be35f042601b1eb4d356bdaeabf0d8127c6d14.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
e9af654fb1f2b031cf5764653bc486c9

SHA1
92609a433c92808947492614389c25d3a24adbfa

SHA256
2f60eeda26568ef79d97d363da10f4655db90047be3696f64b76cedf29a974a1

SHA512
dc7ed05e4c9cf0eeb542f978b0b66ba0bc093f55f5b14c7e5a3e52c5d470f72865ade91a0273ec77d0c444a0fe5789824e7dcbd0071a1258ad0646393f6c608d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
ae126808a3945dcba896e805553d7bca

SHA1
dbd4ea3b34d0eb35dbf51afcf3030962c24928fa

SHA256
e85a6802e602fb26a2822b6901fd32eb41d0c77af8f1816924bb3826b18ffb22

SHA512
b0f62d6e8d72e1c059ce23761910f4ef5afd4daf60a55f94c471129e59e02fa98f5b5435c3c79ffe3b0dc8e32621a52184098a46ba2f99c07cf8f15ab3a41f61

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
90421c8f6ae5bd38a1425cd46df75a19

SHA1
004ff799aba2dd05b0593f7d485a3973efcd4a2f

SHA256
a32f6957ef251d29182c1be2981248cb57a8af521de192c5c1e2fc9496010058

SHA512
4e0321908fc8787ac340844a1ac0712a1e0e6fe88b47605117b0c9437c6591abb32a7e9c2d28a4f9261a29b05b9dbef85e728bd340664d7c90054be251768f0b

Download Submit