761d0b0de6ee13b964374e6105ff17c43db3825ad231dc07070888ad7472a70a

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

761d0b0de6ee13b964374e6105ff17c43db3825ad231dc07070888ad7472a70a.exe
Size

10.8MB
MD5

0f4004f05fbcf1b14330cef7cd328d80
SHA1

0fd2ee30eb3b33b6cac1ebb16be11b9d9fc6327b
SHA256

761d0b0de6ee13b964374e6105ff17c43db3825ad231dc07070888ad7472a70a
SHA512

cc95e9393185d5d95236f9a80a65725fc4bdb6625a08e7569a8890664723c9b36f1034be21ddb149e5b77c08bc2044b9ede3401a79dad394b012584ecf3ab79a
SSDEEP

196608:hHWWK8lSSJ7PbDdh0HtQba8z1sjzkAilU4I4:hHWXU5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
468	761d0b0de6ee13b964374e6105ff17c43db3825ad231dc07070888ad7472a70a.exe
468	761d0b0de6ee13b964374e6105ff17c43db3825ad231dc07070888ad7472a70a.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	761d0b0de6ee13b964374e6105ff17c43db3825ad231dc07070888ad7472a70a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
468	761d0b0de6ee13b964374e6105ff17c43db3825ad231dc07070888ad7472a70a.exe

C:\Users\Admin\AppData\Local\Temp\761d0b0de6ee13b964374e6105ff17c43db3825ad231dc07070888ad7472a70a.exe
"C:\Users\Admin\AppData\Local\Temp\761d0b0de6ee13b964374e6105ff17c43db3825ad231dc07070888ad7472a70a.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
b60bceda3fc2da2a9aa1530a52857501

SHA1
fc0ee0ab979b6bc7e78003da185ecbc41dab9730

SHA256
79a51c868063f7ae2a01debd183799521ec33b4af61709ec3aaa0d27d076f893

SHA512
f343c04d590197aa700be848fc274f91226199f2ff3436b41213608228bc1eea2c267935cba25f79cd7312b0afd1305f4bd4c5f972c13969330c315b7dc15fcf

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
d10e8ba1106a405f635372fe2067c6d2

SHA1
a669882ff281e02af34c7ad60c4491e60ebfaa9b

SHA256
2bb1d2443da90fa1e426669f3e289ee2b856044ac7c379d38ec40f7c40978613

SHA512
70e704e2911c09232908969262e2283c2d97c6a8e542e950549bea04ebc93d00b3cb175801acad143d1928641459b6d30006feddc2b00cbfe00a9bc8427843dd

Download Submit