25b2f73042901f14cdb4cbe61d6aa16075c321c82b0677f8cc29303de887413b

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 04:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25b2f73042901f14cdb4cbe61d6aa16075c321c82b0677f8cc29303de887413b.exe
Size

10.8MB
MD5

e3998e3333b69cc48b5562a8d38b5160
SHA1

35e11ba146024a44efdceabe1171b204b9066c02
SHA256

25b2f73042901f14cdb4cbe61d6aa16075c321c82b0677f8cc29303de887413b
SHA512

2308a13df052d2b998b3612cf961f5a3812ae6ed9678631897e6c0a3c3b163b2084f7a608b0a6c95df6009dfdf88f036a89ffbb765f8fb8ac9fa89731c922ba3
SSDEEP

196608:hHWWK8lSSJ7PbDdh0HtQba8z1sjzkAilU4I4:hHWXU5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2288	25b2f73042901f14cdb4cbe61d6aa16075c321c82b0677f8cc29303de887413b.exe
2288	25b2f73042901f14cdb4cbe61d6aa16075c321c82b0677f8cc29303de887413b.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	25b2f73042901f14cdb4cbe61d6aa16075c321c82b0677f8cc29303de887413b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2288	25b2f73042901f14cdb4cbe61d6aa16075c321c82b0677f8cc29303de887413b.exe

C:\Users\Admin\AppData\Local\Temp\25b2f73042901f14cdb4cbe61d6aa16075c321c82b0677f8cc29303de887413b.exe
"C:\Users\Admin\AppData\Local\Temp\25b2f73042901f14cdb4cbe61d6aa16075c321c82b0677f8cc29303de887413b.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab9A8E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9A91.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
a6e7113132a1b9d3f9d20253b008a832

SHA1
64dce4e3dd4dcb7e096a4646cd170c7ac9a2783b

SHA256
e8f066b947a1254114ef6c2668c182d21291d0c219a664258b8775321578df24

SHA512
1f8cffa3807fdd2aad89ed7303997e3d29c9c4a7faffae32872bd3070728e13c7eb1f225521bdc539b3572e2de8ba5291ce132902f4ce2ef8a35c003ec2b5788

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
7e565bb3d3b14073539852b4391c4855

SHA1
fb8e5c965e9b483f9a04cf7829e082eda30127ea

SHA256
3447197442c4536a019a602decb4ed7eff4fcc37c65e7177d523bf5b854a529d

SHA512
3a21a0f959f4386faef8fd7b19bf764f647f231a4a67870ab0756c834c1b322786fd62e9648a1e46e15b6dd5f06b765c8778be1718207c39dd208864e37f4cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
407fb4a6d7c12e789a58039c1a2046d6

SHA1
4f0c56125bd9b11b36c49c514f2da07b65be3f37

SHA256
1a969c281cd6541116ff6ff0af4e3ca0594095ec5d280631eaebfcea4575a678

SHA512
4eed8f7e8728a8f63d049f6bb5c77e089b6f2ca0657d5f90348f6713ba81ce7b353f036bc45e54d0be989519edf06595a61c15823f5bfd138c412018a6671fde

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
23abd2eaafd2adaba0c01759ae52fea9

SHA1
d1f7d68a925bfe4d1a1dbe80426fcd7dea128a4d

SHA256
ac0ac5f878703ac1fe8c1efc50aa479f4e4e210726a04f237bf76e3967a5e08f

SHA512
1233636dece62bd13e3dd4deac86229a4634f221fcbaea8755de2e8e53afc1df6b2abdc2da2f8a2c6f3a020f0e96f2601950ecdd03f53f1e83d9f9fa0540070a

Download Submit