5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3

Analysis

max time kernel
145s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe
Size

9.8MB
MD5

8a6886cf407199f93288d09502721fbb
SHA1

ddfafe8db25527701b27960ab4dd311f70004cc8
SHA256

5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3
SHA512

9929fb89382cee20ec561e49193fd7c985c06c96e2530b5524272f130a9801d2d09c4a27fbb2d4917cf093a43b9f24560723930641cf1347782e5ea60449d1f8
SSDEEP

98304:OLl/9COfOI3ynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vVGyWWyfJprG:OxSSJ7PbDdh0HtQba8z1sjzkAilU4I4

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1932	5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe
1932	5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1932	5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe

C:\Users\Admin\AppData\Local\Temp\5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe
"C:\Users\Admin\AppData\Local\Temp\5fa93974a9ecd4e82af6f7a9bbaa91bb63dcfe657cbac2814aea1ad90a9dcbe3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CabB944.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
ca7f65af14fa4ecd3c031d939258e5f9

SHA1
7905920f3e75f1edc3661e6a6c2edd72baba2076

SHA256
302d39a03f78b6443143ab545882241da7db71f3d5a52ba00f0486f50d40ce3f

SHA512
f002673e9e93efa989a36bcb1d887c46967d31d76db25320a78f9e7e346cc27ba62c6c344a9eab4a48afe0b0cabed295e9e3bec6f4bbe16e25be85851fa8da1b

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
0060c69f3a5003ab84da923ab6ba6b57

SHA1
5a822deb7927a5762ac8e210fca81a260f65b280

SHA256
e1ebbaf738cf96eab8ed2ae97b0cfaf6674acccda6acddadf3afb26ee4f1f262

SHA512
1d3b45a48f1becca1a566c365785c7f0ebfbeffba034d999ee1267cd32945d444857db73860ff4584b302c182e92ff73de7cd91f0bf6a64d3bee0a4342b50af2

Download Submit