e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02-09-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe
Size

12.1MB
MD5

8c4fdf1307b9f5ddadc4694c51f322ea
SHA1

04074c150b61dc73d3221296b74240db4e7958ec
SHA256

e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9
SHA512

7bacee5fbb427b387810eebd94346d1570d784d6aaae664f1ddff6b0609cafc9469060046c3140b5d335b4fb55530758474bc4477b9b53a8342a381dd6749fee
SSDEEP

196608:Lc3ix+GjP81SSJ7PbDdh0HtQba8z1sjzkAilU4I4:LRvE15J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
1460	e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe
1460	e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1460	e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe

C:\Users\Admin\AppData\Local\Temp\e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe
"C:\Users\Admin\AppData\Local\Temp\e3b5b47c99bfca89caa2fa2996e631695573912913ca5ff97b61ef73c0fb05e9.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
c870c4ca265633434db90b0ceff90ad0

SHA1
ff5fe1959d8c7ac121771f11f88b8969e4271007

SHA256
bd1318ba7450be626a1722610ef7b8d0ee3ee70ca9be9cc01fdfb73148d5085e

SHA512
54a86a7c37dd6ef7cdfa5018a81202da8ad76d69c62d353c5c13852997f8e5ccc7b4b295caf0ab1a1551aaf75d739570c94ddb59af53c6dffa63c92d22950984

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
0ad5dc8f0059a38796b591ba32576c5d

SHA1
63a361e1b00d768f8b8890be5e5d436a02ecf167

SHA256
5565c4e10c2070e435ccc6a02d0e1efa8b3aec8aa61f5745e2f05cd4baaeac3b

SHA512
aed5589bcbd05cd354077e7dc103ddfee3b9b4dc49b3d32cd74feab92825b3d31073a683695ab80d6efe4a9f69d4e3b935fb8acec19d54f634cef063ffc4d113

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
dab405340b095c3d50a5e4a712092ed8

SHA1
2ec44104a82127704b54e218e213464cfb734ed1

SHA256
c692657a37b92d8a435de1601485d3dbf4ceaaa5693bc9d60c798196e45b358c

SHA512
7b938c09fbe3e1f003dbd7b1b69cb6c958d480075ed99113da867051eabd4be404d3cc786f433fbef59f4cf17aa8747f81c9fe1e1b5343149501e0b8e9f198e8

Download Submit