14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe
Size

10.5MB
MD5

e45ef6f5b547a11ca992adaf424ef20d
SHA1

5f47552e6ba1c678affa51c2ae79736bd3f6a66d
SHA256

14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150
SHA512

690ca5b5f9787cbdb26d4c62b957a71cde000cbd46f876c724c854563c4c8b7285fb6adf90e6a0bae28bccf1f80e01c23fee07af9855a414467d53c160a0fece
SSDEEP

196608:17UX5SSJ7PbDdh0HtQba8z1sjzkAilU4I4E:1s55J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2388	14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe
2388	14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2388	14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe

C:\Users\Admin\AppData\Local\Temp\14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe
"C:\Users\Admin\AppData\Local\Temp\14ce579edee5b48a1276a070531956d5a9f3867989c4a40a9c8dea8c3b68b150.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
5d4f1ebbfd2d2e6257ebb2bcca9fb06f

SHA1
e908bbd3ce549999e2ef171b51b512a442e1ca1a

SHA256
4a8c56f7e9cf31535a3367a545b8713d33e81ccbb3faa4c727228c8e96e0b1b4

SHA512
01c3c922d8c82984140add89d14e1b012c604047c00606aa4174444545e793518048ff5228f95f13fe261589c91f86ce818e62fc5751de2cc3d4a0fcf01b0924

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
19de686bd528fcc9446a1c0a606d420a

SHA1
d8940c147fbcc550b48090008b60e911a560759a

SHA256
9bfe0760d591e728921e10d041aede6287d13ef3af903a02630bf751e6df77b4

SHA512
09263f9c9fa9c8e8e8de5e5d4b910b0721e52f95df66cf0e1412b2b6c50dbc8a2966da42027a5c65263e345da3e90e37c7da58cbb77786ac508f725b10d71ed8

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
c0129c1da69c3e0371037d15779bff92

SHA1
8a41196c2a8389821d6b91fa7cac268a275ce585

SHA256
4fdcc5dad655dbcb696562b604fe3e39f7defbfe2337481e244d3e934c73004c

SHA512
f0922e686655bf46679eaea98a0f3c738034c36904a82675fdd095e268db0567f3947c85af2d3ebeb208818f22eca513f0167a55f96a65ec31bb036b5e7be98e

Download Submit