603fe42aed084316f3a149b17702d04ba2f5d95d58634d679a66184bcd6f1058

Analysis

max time kernel
142s
max time network
146s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 11:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

603fe42aed084316f3a149b17702d04ba2f5d95d58634d679a66184bcd6f1058.exe
Size

10.8MB
MD5

b49c8026886b9f7749c2037e5114cfab
SHA1

86b73ff96fbbc872e11ac8f918ae5facf4f49848
SHA256

603fe42aed084316f3a149b17702d04ba2f5d95d58634d679a66184bcd6f1058
SHA512

6a7e456d433d80d2c7ff4a9e3b9457cd0a21ae33c1f6edaadc45d40fc1091b24e63c1a1dc23356eac9fb6e405e5809c5939ada1649081c2d6c366780f12241c8
SSDEEP

196608:hHWWK8lSSJ7PbDdh0HtQba8z1sjzkAilU4I4:hHWXU5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2372	603fe42aed084316f3a149b17702d04ba2f5d95d58634d679a66184bcd6f1058.exe
2372	603fe42aed084316f3a149b17702d04ba2f5d95d58634d679a66184bcd6f1058.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	603fe42aed084316f3a149b17702d04ba2f5d95d58634d679a66184bcd6f1058.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2372	603fe42aed084316f3a149b17702d04ba2f5d95d58634d679a66184bcd6f1058.exe

C:\Users\Admin\AppData\Local\Temp\603fe42aed084316f3a149b17702d04ba2f5d95d58634d679a66184bcd6f1058.exe
"C:\Users\Admin\AppData\Local\Temp\603fe42aed084316f3a149b17702d04ba2f5d95d58634d679a66184bcd6f1058.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
90ee5ccc9d0005bbda783968dacdefa3

SHA1
8d4a54277e1c936c8dc861689362e1d750f41629

SHA256
8e630796c510cf02f09d96c32250d70319d00dd716529903569bc84a783bdc7b

SHA512
2f41bbc86f8b18115a05cc5d614599a21967512008f4a4f76e7200eb19a7263b4f4ec0fef129786437fa050638b1c65baf090b2fb2179624d616aaea4dff0882

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
10KB

MD5
86d57c1bebcbc3f23e0be20563a7cb0e

SHA1
312730207cacbff3cb9dbe5c9c0379c913d4be25

SHA256
af04629a97c63ff3665433e90539533b920667b346a8aaf8c5b5ff79342766c2

SHA512
fdcd8c3f7f9f4ab90e39565603b67b49b99ce87f507cb76d222c6d7df6f350e0bc3299237c3a153cb5cbaa009eb3fa65f60fa621a7424b25009fb34384ebac44

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
54b9ea877eb7bedecc92bf0cd6bf4798

SHA1
a6c90329965b2a3489bc72e1227d95ec8f01df02

SHA256
65674aa078dc7390d4c5c506260e6278781bffde78198b33171acae412387c12

SHA512
40451cc0917880dc9a798784e342d547f10648bd458287fdc4c8e74da283bf66c6b42ff6419778530edf8f8868e5c0fdb0d80f5222f8e5b873ed216ab4f62c59

Download Submit