86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a

Analysis

max time kernel
140s
max time network
142s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe
Size

9.8MB
MD5

13dbbdb9013735588421301de0a791f7
SHA1

10acb6ac4231ad909b45971234b0542653d08dc5
SHA256

86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a
SHA512

762aee11c1bd58cae3c70674373d0910b603711e6c754b6588168672b9f78f809e03b09b98dbe0916d454ef775b4063ab2b0fafec271346ec2c45dc44cc6000c
SSDEEP

98304:Abl/9COfOIIynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vVGyWWyfJprG:AKSSJ7PbDdh0HtQba8z1sjzkAilU4I4

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
1732	86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe
1732	86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1732	86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe

C:\Users\Admin\AppData\Local\Temp\86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe
"C:\Users\Admin\AppData\Local\Temp\86e23549b5f04fe0979cc368d318c10bd162a422416f58a27e0426fff927ff0a.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
9fc49825751c0fdec19d77882e5f67cc

SHA1
8f79102a1b98c57b9f57bdef05ec9d88520d6226

SHA256
6969bebdbc42391ccfdce8b182c530abd674c92afe4002b7b4d2c0c9ade92355

SHA512
9f43086f489ab57502c235feba635d157b26c90e0116b0d917e580dd1de1e401c804e3092c94b297e1f83f9552351c092c7bc835a26c9eff65c373c8a7353619

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
450f73cc4bcd95cf20281309f00a9f2c

SHA1
9d11055dff721d1e4242c346a8d25f86cfd38dc2

SHA256
04f82c3fdd66a06b1bf34468925b92bcc10117c96bc0cecb958471c21abb2354

SHA512
02fc984d21c699ea2368b6574cbf9864a36aa2906ac5084f3e544a190872d2bf59275c99305c7dcea4dbd45bfbc86ff76ef45464d572c5af31ed32e78896daa4

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
fea9a7fda9d24d5cd451b6fb8d6cf5a7

SHA1
84e42d40ca2c6e89fbcfb2b246c97ddde92fad05

SHA256
161d2ee01fb70d97486969c38d542841c4b4ba133887d7c606f0f02381ce8698

SHA512
6fc0a9c91df53072318d9a7695d0128f8d74b1e085967c68fceeffe2915ad386f90467f79793475eef314f612d153163b255e7af30dbe2e403a388771da9a1d6

Download Submit