89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe
Size

10.9MB
MD5

250454c58b4cfd10930e6de1824c7666
SHA1

2f4bbcd4bd9d9be6a034d49274df05ce2f24b7ac
SHA256

89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714
SHA512

6e3eebf7f8b0968e6b44681ee5538df27b018cc75322d179098ecdef9d46138a3b6508a2356a15edd13a12e3091886d94dffbc4ff6930bd549b726c272adbe5b
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2708	89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe
2708	89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2708	89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe

C:\Users\Admin\AppData\Local\Temp\89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe
"C:\Users\Admin\AppData\Local\Temp\89215d3e9b119783884562962a99f1ca3443a38324da282709b720d0d1d7e714.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab7C73.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
6769eaf45e9958c5c8f362131bce4af4

SHA1
7bffc4a2555458d115b2e59fb951873a124155cc

SHA256
9e1dfade72160c1469bff19c7f412042a06ec59d1ed7dfd599403cc7c26ceef6

SHA512
4ec8077c5ecf935013242ce01d917a0179dd4c9767c0de5d26db922938d77caaa9d851d3a26877ac2ce87161caaab7d291f960c46f07bb3087f0fdb6010c2b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
6c291d9b8fd5f9a7050c425cfd327e5d

SHA1
1c7a1a999eb5452a440d4cb223cf3e8a8dfb7b90

SHA256
d921c640e7369308a7ab1689746c7d0fb338e659c119e170faa323bdaa159db9

SHA512
866500d7d5f10e2d1081fa8051e461ffa81ae27be2e8747bfdb4fbe944edb124424c17fca02f3400fd6a8adb8b1257de90117e3d81dbaf72d42efbeabce3e037

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
a57fd00f4f2a76105302d7f6386ccfb3

SHA1
3c9a8da69de7a92aa1530540a8b4ef4364d7bbde

SHA256
f0dacf2be4509a21d560631d625b9bdb8cdec86a728b08d3291e12390868fdfe

SHA512
bda5bf669408dce9604681452cd91ccee598d1e64bbe93e41bc69c67a3935a0c8a466fe923d483334f716032b54957e55d7f03fe0d06d144dd1cec86e9b0f54e

Download Submit