da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34

Analysis

max time kernel
52s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe
Size

9.9MB
MD5

766202ae1f3698b4a592f0a28fd77f70
SHA1

5932880fdbe08368cc07757e52f035783f5d553c
SHA256

da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34
SHA512

920150fc5631956a6e4c155c615c6f457008d079f163dec8d6bafd6163577a1a4d04e4e1d6ac67772a19656fb772a951a796ff7fca9f4e43aaf1e354c0524a23
SSDEEP

98304:IzbdCx4iuyQynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vVGyWWyfJprR:IjSSJ7PbDdh0HtQba8z1sjzkAilU4I4

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2476	da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe
2476	da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2476	da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe

C:\Users\Admin\AppData\Local\Temp\da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe
"C:\Users\Admin\AppData\Local\Temp\da93ab2685383fa9aeead5d56f9e59930db23804fc4443bed44ecd4c9cad1c34.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
c59b25637a5e85c93429871b9a8cbfe0

SHA1
2707e098bb1da3140b013ca0f3dabe15706b164d

SHA256
b52939f0f52df0c794f2a2ba768e960e3997201b823b1f6409f06d11902ef8bf

SHA512
4bf05a07e1fb529d2de20007081569a612784d9334c0ac4a3eeced17b4f8d66fee02a3e40aac702b2aef7c0d9e8af1ccaf8d476742f08eb2956d8bfc763e4e0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
057d88d545c52f5658f913f784930c3e

SHA1
576d4db56091d71cb78edc4a7b64e548ab34e1bd

SHA256
86efe9396c65e41d50fc5883bc3f4cf195f3f389465a0a101892f5b1b8174279

SHA512
deb27c25ecab11001c757747908d5a6c34e16e877d37401850f8536bf60c45d9b32f8856b23cd0ba937a995d14e3a44f94b974e0653f4a90c927246d0a69b634

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
120a9b9e060da0613ddd1d6653d78bc5

SHA1
b1023a00189231c8be43907da13c539da1219f5d

SHA256
f003a5e59adadf5d0b302248a4df873705ea9838526847d0e3848efb5c893766

SHA512
19b3e9f3db85858748ffb674aa3f52ef9d075e57246e246f853542b47ff4d35e4c5f9935e249af0f9a08b116d7b0a303be8f68532bdd98324af0a65be6887dc4

Download Submit