fcaeb00f9490bd794518090250c59c6dbb7d70a734d4ead4085b051d581c1c90

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcaeb00f9490bd794518090250c59c6dbb7d70a734d4ead4085b051d581c1c90.exe
Size

12.0MB
MD5

3f8244be8149e2abf56ec0c405837273
SHA1

7819ae5f7e6d3b7375a7d8d4bfd387ac626a1a9e
SHA256

fcaeb00f9490bd794518090250c59c6dbb7d70a734d4ead4085b051d581c1c90
SHA512

d955a5199307691ee3b2e69c121af6ea1a3d75f044ec39f037bdd18659b2ed97b09361f0094679fc5338a09a15e509f73fe0d84ff39f4961fb25d854f8307809
SSDEEP

196608:xWwDBSSJ7PbDdh0HtQba8z1sjzkAilU4I4:xWwDB5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2284	fcaeb00f9490bd794518090250c59c6dbb7d70a734d4ead4085b051d581c1c90.exe
2284	fcaeb00f9490bd794518090250c59c6dbb7d70a734d4ead4085b051d581c1c90.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fcaeb00f9490bd794518090250c59c6dbb7d70a734d4ead4085b051d581c1c90.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2284	fcaeb00f9490bd794518090250c59c6dbb7d70a734d4ead4085b051d581c1c90.exe

C:\Users\Admin\AppData\Local\Temp\fcaeb00f9490bd794518090250c59c6dbb7d70a734d4ead4085b051d581c1c90.exe
"C:\Users\Admin\AppData\Local\Temp\fcaeb00f9490bd794518090250c59c6dbb7d70a734d4ead4085b051d581c1c90.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
916b978dd5d67ae9fd7939904d70c654

SHA1
47b1f37f9a68a3fe4f75e660a38e7a39934f4e45

SHA256
7d0a38b5b15f235072bda7eed7897d5432b44a5b7f46d1f6e55070423bcecb2c

SHA512
ac0bee0da85a7261d49d2c4a9bf8ce1d18e16df82b1d50127ed4fededad8c357f3a3159c6623e06d572b15a06fda9345438adf9523dfd6c2fbedae400ceb5d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
e728d259a8ce8c5953fb6b2068b1d031

SHA1
24da1efc8d8140bd1403f09b3f25b5dbf97ab90c

SHA256
65ae36ac261c874ed3fc237bc003a9039db57f72b1ab130e71bc82b7fa5691ff

SHA512
e38f1ed5fc40aeb08d5f78630fd12ad8a83313904479b54475f87206f9285c2e549689f63cf6994fd679e158582638c45fda54ab464bd703416335089a803a71

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
d0449cda64d25a1d13dec0b8fc18f4b1

SHA1
9430a0a9365977d4411b9bdd05764e72e11e0f98

SHA256
37cc7637244bb9da3f7af60260ce70f8a1b0c41143efb8a538f430bbbeee8a60

SHA512
caeb9e291e86cedfaed464779f3098359414f441e9b955a952010a62f2decbd51c2e0e2df396a1fd4225da27a75606bfcc81c74c28b3a850f51f5369b13a2c23

Download Submit