0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72

Analysis

max time kernel
32s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe
Size

7.8MB
MD5

089b91f41a0ff6fe6d2901fcae4724ed
SHA1

017dece04f6cf64817b99e4cc38837f631a96b9b
SHA256

0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72
SHA512

8e02839263246bf5c7c1576f91ebeccd9b223b4c6b4136ce01967c6b366996ad395f89926ccfa95d0415f462bc8587ae631a939906a26ff82de6cafefbf4a59c
SSDEEP

98304:9uGeKJXtebYOSTtfj6iTKdzOJDb4v+qMdg95WQQMIHp7w0r1hCETL8uE2Tp2m/e:soJ3fj65wN0v+q1gJ7P19FtQee

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2316	0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe
2316	0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2316	0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe

C:\Users\Admin\AppData\Local\Temp\0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe
"C:\Users\Admin\AppData\Local\Temp\0b9cfe00c72c4a502d2922e9d985539c9898794e67b5e5a497d7e6fd12992b72.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CabCB00.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
f88b2b03089f2e8ce7a1d3e7f10c8b13

SHA1
aaf3f64d49c5ff56fd93adc7ed2a6cc2e8f8bd29

SHA256
8c890232d4837405246cb7047a055652ab5d415eadac39889864aadbc77bf4f4

SHA512
e25e90d16d0d603ccc3840d4e6044e5ee15ba02265b572c8e9af506d5b54178f55ae0e578c6f1a35dd671e16a3e113abedf4daa19261882532d31c88d906df3a

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
d0a71461635ffa1e0a91ec8227b130bb

SHA1
1f985351be4b62060bd4a41db0779037118be8c3

SHA256
ca60b5359cc82012d4de48a1f538db89185646db82798e250f86dc5c13836bff

SHA512
68a2050aa24544f9b57d670b0a08367bea624ed549a08f95a86211a0be9ee815f3c503e539577cf773696f3f4e5a15ee43f02c7213d765c106d051ce981b1235

Download Submit