c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe
Size

10.8MB
MD5

cc41e8a2660f04f4867ffb0eeaa3283b
SHA1

71dfb072d6a88f2b4032517ada9811da8b231f76
SHA256

c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c
SHA512

6240a77960fc8655cad3286202d801b5f905beed311e8107327296276e9a8ed7a91f45e3aa49d30cb6c5b5824ad64026c39dea04709e7dda506a49130a178231
SSDEEP

196608:CSWyusZSYASSJ7PbDdh0HtQba8z1sjzkAilU4I4:CSWyusg55J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2232	c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe
2232	c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2232	c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe

C:\Users\Admin\AppData\Local\Temp\c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe
"C:\Users\Admin\AppData\Local\Temp\c9cdd9aeab6492c9caa5950c794fa950825f9bc35b22248ae5bcd5469991991c.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
c162c883510217a394c783e27796d2a5

SHA1
d67ce8f6610e5569d6305ce3b798f792f7b20756

SHA256
3ea72d906ffb737b3509dbb9be3e29724e95a75429dd2499150cf63a63f7fd89

SHA512
e8dda1faefa3e263440176c1ff7042d261c5f5ceb5c3ef5de9092d4754191c2e8a58161c26c104ec33fbb65960c79267f95f184083ee2fd24e13b30ef54954fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
0f6c0f19f21f515c5819cbdbb8d20e1f

SHA1
61d0e624cbb71b0de53842454e57b412d0a58b5b

SHA256
9d8e835f877b1dc302d3614a495520006ea5c5840dae824c3ca3e69c7b7deb7b

SHA512
c2f5d9c3c125ce62dbfcb4c6ce4c39cfb708f5522072620ce536c7796b2de3b5ffa6f02a45b95182529ab826839dca1da1a2d69b4b3d37152745bf9569efb7ff

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
dbb12543fea2557e602c568b40966f60

SHA1
ef9da6353e51faf9f29cc25307d9cc1b728e49c6

SHA256
33c87529e2f011f9b0cbb890a7097b5bc5ef8dd7b2a907fd3c8f6107f74904de

SHA512
aee40f87f2410857b1a2fbf16b14aef05f2622be6e80d68d34f581ebcd920a503c631bdf2f7332b73a98873c945303261ba97ae65a058cd14eff3aedafca983d

Download Submit