8bf7e221d5915a90dff19e8c95721e3c2d2efb9c4df73a802c991fef539588d2

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/09/2024, 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bf7e221d5915a90dff19e8c95721e3c2d2efb9c4df73a802c991fef539588d2.exe
Size

10.9MB
MD5

f831ddd2a5af2ad680c70e374ef4aca9
SHA1

dbd0871792a4dc1f52f0eadd20ad32d89e38d175
SHA256

8bf7e221d5915a90dff19e8c95721e3c2d2efb9c4df73a802c991fef539588d2
SHA512

9c8bae66ebf07879fd50dc0daa3458300d73888b81c4f8b005583a10641f1cb5147c420eb056a9da2101aec75a534737a476fc58fc5c14630d6be2236d3381f4
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2400	8bf7e221d5915a90dff19e8c95721e3c2d2efb9c4df73a802c991fef539588d2.exe
2400	8bf7e221d5915a90dff19e8c95721e3c2d2efb9c4df73a802c991fef539588d2.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8bf7e221d5915a90dff19e8c95721e3c2d2efb9c4df73a802c991fef539588d2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2400	8bf7e221d5915a90dff19e8c95721e3c2d2efb9c4df73a802c991fef539588d2.exe

C:\Users\Admin\AppData\Local\Temp\8bf7e221d5915a90dff19e8c95721e3c2d2efb9c4df73a802c991fef539588d2.exe
"C:\Users\Admin\AppData\Local\Temp\8bf7e221d5915a90dff19e8c95721e3c2d2efb9c4df73a802c991fef539588d2.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
9113c60ac92431f1e2f790400de9c079

SHA1
a3c0fbeb03af6b0336743285b078ab25cbc4c074

SHA256
03a3a583b34bd4b8041a5611caa1a458bbbfc7c02f5573bbff7d5763e42cbc22

SHA512
164ca09a5c7d07e7bb1d198410427e648764bdae83db60408a2044daaba35aa4efc39a614b14fab3a9d3c99a894b26a5b47a8c5e9975e8548f21381a2c02f46b

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
26bb1c8fc2f11ea4171c0081083bb678

SHA1
b43f33432def1ffcdebf34840623f67583aab54b

SHA256
7b4640256c8c3b983fefabb193a966cabfdc1d035e15e7472f8762292c0bc466

SHA512
a84c85693828053772c09adbafdf6136326243aa2af9f3185ebaa6fc8751fbd2127aa535a5d47cc64a233f8d23e06796409c6acab7a1eeb4812eb2e393de4958

Download Submit