750123e871ec0d0e8c2dbf3017c605a55ce99f3d1c68d6bef0f22a39526e5067

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-08-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

750123e871ec0d0e8c2dbf3017c605a55ce99f3d1c68d6bef0f22a39526e5067.exe
Size

10.4MB
MD5

687a70b3ef9158e717a47cab7a6155aa
SHA1

a45c61af142603aecd419da6ae9c0cf2efcf0052
SHA256

750123e871ec0d0e8c2dbf3017c605a55ce99f3d1c68d6bef0f22a39526e5067
SHA512

d40ba78bace8c0b6e9c48c95561c647b962eb8a41f4d13b3d8ac02f84906471e084f010f5dda347cc6e1263941b77227839059ccd93dc1ee2116a557aa882f40
SSDEEP

196608:pMb3SSJ7PbDdh0HtQba8z1sjzkAilU4I4:p+5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2384	750123e871ec0d0e8c2dbf3017c605a55ce99f3d1c68d6bef0f22a39526e5067.exe
2384	750123e871ec0d0e8c2dbf3017c605a55ce99f3d1c68d6bef0f22a39526e5067.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	750123e871ec0d0e8c2dbf3017c605a55ce99f3d1c68d6bef0f22a39526e5067.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2384	750123e871ec0d0e8c2dbf3017c605a55ce99f3d1c68d6bef0f22a39526e5067.exe

C:\Users\Admin\AppData\Local\Temp\750123e871ec0d0e8c2dbf3017c605a55ce99f3d1c68d6bef0f22a39526e5067.exe
"C:\Users\Admin\AppData\Local\Temp\750123e871ec0d0e8c2dbf3017c605a55ce99f3d1c68d6bef0f22a39526e5067.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
d6e4a70b32e9281252db875a9b541c60

SHA1
feb65a78479bea5e3b0310488c07578a608262c1

SHA256
ae86c4bb067f634d33ac791fb77862eb9236a3ffff3c13c5a43c41e0a7cf744f

SHA512
885818f284fa8d99bf2065ee44fe8bd99dc033f1e3d7b8a7b3f7c25e81a58b7c005ea93964b733e60896273a0381a229d720a10f541420519e70bffec68a1779

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
691562742fa460e1832193ae41cdc053

SHA1
50acc9e91c49aa0678ad769ce322856ed0626ed3

SHA256
848b8f869f07cb97130c220c7c30a4068293bb44cbe0c3de74da92822b2ebb22

SHA512
762ee9a73060c0a0cc6a9ceb7b5925345178a17d0f24b7c697a644a5fcab1ae549d53d3f09222972262ca5c3b995abc919406f812373599c22dba68d59dab352

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
b34502859dff58204966f2da83e8ecaa

SHA1
5c1b34f6857ab2730d21b9d4ea17d2d9508c4c16

SHA256
451e27ba3625feb38fd813e2d6aec855c99fc992a664ae2092e1ec45cad7eae8

SHA512
731981ca037be8d4b04a175193eca852e72e6a6510c160b4eb37b33a04419590bfa3a23d8487fef35b1e954b9770cb406cb07555b93c69fb4fd2306174dd8d51

Download Submit