58648a873478f4edbc9cd90970c62f9c189ef2e289bae05a63994fae85b80b69

Analysis

max time kernel
127s
max time network
143s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58648a873478f4edbc9cd90970c62f9c189ef2e289bae05a63994fae85b80b69.exe
Size

9.8MB
MD5

3029feecbbc6ffb1a4aa10ad9fcc1b2e
SHA1

04d6d1d4ffe58ec1862217d54725b26d308bcfee
SHA256

58648a873478f4edbc9cd90970c62f9c189ef2e289bae05a63994fae85b80b69
SHA512

63e349f93c3adc0e54fa4dfec5109cf1bff26d7447a24f203215b85da05af61877bc26f99939e4d7c24aa4c0dcd723901a07b1c22e98eb7acf834bf220ac3852
SSDEEP

98304:AxbdCx4iuy7ynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vVGyWWyfJprG:A+SSJ7PbDdh0HtQba8z1sjzkAilU4I4

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
1176	58648a873478f4edbc9cd90970c62f9c189ef2e289bae05a63994fae85b80b69.exe
1176	58648a873478f4edbc9cd90970c62f9c189ef2e289bae05a63994fae85b80b69.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58648a873478f4edbc9cd90970c62f9c189ef2e289bae05a63994fae85b80b69.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1176	58648a873478f4edbc9cd90970c62f9c189ef2e289bae05a63994fae85b80b69.exe

C:\Users\Admin\AppData\Local\Temp\58648a873478f4edbc9cd90970c62f9c189ef2e289bae05a63994fae85b80b69.exe
"C:\Users\Admin\AppData\Local\Temp\58648a873478f4edbc9cd90970c62f9c189ef2e289bae05a63994fae85b80b69.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
ad49ea3943a43fb75920b1c6c133400e

SHA1
38507194b2bdf5ff5f52192df4736b15370622d2

SHA256
21321fb223364e31d48bd2c9f8bf4bb4006cc2a954e6d6209cb2042f27b287e1

SHA512
95e5a86fa76875e4f1e0bd30c578f53e83eaa9cfa3cb96f2c9f07d5903b9d5efac9e672c451c4858bd646fe30458b4cbd5f40e4832caf0a99c87346eee765dfe

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
e6112b620bcbae9a6a251985f1730b75

SHA1
476f9c8d74c887fc11a981d91d4a50aa2b4db400

SHA256
070708e26a46ce1de6295337259e8c488eacfba8142d49b1f2ea4de361112c05

SHA512
4d3d155e0cb0a39f58bae0dfe27a1e5007dd558b628df759c388a48c546d75778ab0251f34a34d550e9d5f9384e1f03ce0acf75c274e127ca8f9fa0123af0010

Download Submit