5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5

Analysis

max time kernel
114s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe
Size

10.8MB
MD5

074d93cd2a00a9c81dcb2301098105c0
SHA1

243e2fba36ec7e796af7a17ceaca7210a8aeedb1
SHA256

5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5
SHA512

a85ebbbaa5fd9760094ccf82f0880b0db173898c52a5c5cb224133ffe1c0b7098c3e64bd049ba642bbd6a9eef0fefbd3114361e5dc1dacd6b0b356077b816fd8
SSDEEP

196608:hHWWK8lSSJ7PbDdh0HtQba8z1sjzkAilU4I4:hHWXU5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2556	5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe
2556	5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2556	5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe

C:\Users\Admin\AppData\Local\Temp\5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe
"C:\Users\Admin\AppData\Local\Temp\5bf0d7e407c92bd099fa5f31ffd2b3174eaef3bca14792d6e942330f49922ab5.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
98cbd73ec3d10cc13bc47c61fc31da31

SHA1
e507a8d1876e942c4415df54d050d69df325f524

SHA256
a522d1f9f3ab3195271823eeb454f064d645099a785b23be480111912bad7453

SHA512
388d277c3dc5c5e3053d902eee4578b2b9cf60bd4227d6b35145072c6fe99410b374ab9a14419725fca085f056849783ca8c8fcbaa9c26e31f00d0fb4a33c58c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
dda6113ea4e957616ac2c7ebde381aaa

SHA1
5c80935aa4e4d9919e0a0d74fe20db27e59036be

SHA256
cfcaf90ca7d7e68245b47d9c6334de4585c5cadd88d6ac88c79a120f986e48c3

SHA512
439ee3889c75f80fe345551366e69249848a540b35100470a74bb994e32f0310769ff0b25e3bac1f0575c1e07ab31faa6390d5d81761d8877d3c233477495ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
8211f418dce0667e85d1c0881773ca58

SHA1
28697d7840ab1bb8e77f82bef8a3aa858aa096b6

SHA256
c334ed7e731916b4df5513db7e0c8fe930e4e6f7262bb9f7810de726fc87eeda

SHA512
dbc6f34b916148a7901f313c586dffbda359e49cbeeafab59b2b6e8497e0cc839b8e76cd01278dafd38b4957ed51bdc3c01f0cbbb0427b87aef805d9c14af32a

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
6dc1b973b0764fc78a09c7a01fdf47d0

SHA1
ac7f72785ace5ce1dbdd0ddee90547c3276f85be

SHA256
b4ef866c3ef54b8c7cb789b60b1b46ea2e9d320b0d1e32c2aca58977b380e580

SHA512
d96abdf6e9901a1dc2b5cbbd92d0250f7465a6dd70647efa03fddd0b6dbec06b576e9cd77409e442562fdb107ab534c47e9a4a0c01cea4be1b61ba03c20b81fe

Download Submit