73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773

Analysis

max time kernel
119s
max time network
148s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 01:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe
Size

10.8MB
MD5

7919871201d642cc75ddd2768adc76bf
SHA1

675c47287e55caac42234162d3d9f221041f0e23
SHA256

73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773
SHA512

b3bb0e298563daccfda9fb7b17a7a99fb1ce1cd17f486c34e6c8b16b6c51675ceb1ea7a131cd301a9588ad48327a48aa15ae3ac401a91365cfb22f22ebdc6d49
SSDEEP

196608:ylWW9DrFSSJ7PbDdh0HtQba8z1sjzkAilU4I4:ylWO5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2012	73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe
2012	73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2012	73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe

C:\Users\Admin\AppData\Local\Temp\73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe
"C:\Users\Admin\AppData\Local\Temp\73d82ec196ea7ffa28b0a2d19f6ccb6d54fff6eca7f2016443c95b1083ce7773.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
39fc48b6e9202c64f4a5effecebaf3cb

SHA1
937b65823f385e04dd1cc5bda570cf02a3470a2b

SHA256
563c2c6b4662671e556a8d5cc111d31bf555e1a044fc85769e65a0c0a0a937a9

SHA512
1d94784736b2ef8b63f5bc26ae1d90dea89c05bc18564d7534f8e71d973fc232d01f1d344d9817def8cc6d34766f2626002543ca71c9d3c7ddd6dca0d20279d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
12KB

MD5
4a4b594b36ea195a9474bad0fb5ee735

SHA1
31ef77674a713c1ab5e7cf7514575f6ee99b2ea7

SHA256
370105216a94db3974edeff6f4d76a02c6768fc5e4c7649a532b1752b28c8209

SHA512
0f47fdc37ce6def642acd359ddfeead4ec394856cb3f5a01aa9bef682735c83d54cf84504a2d3032502f2ed264629a1ee9a3a2fa788e388de002a1d70860fa18

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
086303c711a13b1021be12eb171d9eaf

SHA1
cc7a0e221ac66afca6cc129297929a142d59042e

SHA256
ad71bfdf0d0cb9e92138b5c19f1e3c6a84db95a226e9581f7bf6417b87c3510c

SHA512
5decf1336c87d794ba753ac6a8235fe6cc5b8df06f008bfdba4d876f89523e3c78edf7603a5c2a6a8b0b5f30b67eb1d97b6a6c21df694b8c8cd9de2ac8b4aa17

Download Submit