f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04/09/2024, 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
Size

10.5MB
MD5

2fb670ce13457a072e0319ea474aa9d4
SHA1

c4d566f025eaafb394a583b451575b583ed3426e
SHA256

f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116
SHA512

1b653e60c2ba4205e91749feb155de7630373e7fd5f58c979398330cff2c052e35ace14669b15c618e2102caaaa025e44689b4c77f59f9d8f4e3ee504ff6607e
SSDEEP

196608:ONlYgS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4T:ONBRrDjtLKkOa8ps6puAktIzT

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2596	f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
2596	f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2596	f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe

C:\Users\Admin\AppData\Local\Temp\f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
"C:\Users\Admin\AppData\Local\Temp\f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
29de5bddd26b4da069940cba19cd0a87

SHA1
0965100326f30284a31fe871b24f94e7b1e1071d

SHA256
a918d4cbb4b187427047df1a850849925dd4994184e9474b8b405680620348ec

SHA512
fc139d21629171beff10e99606b5b5a180ed519ff6463a16d19c7f386644129be15f936e655c002d1f4886533433b43163554e75f6dd89c3ff894a24e4318103

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
42925a49b97c325fd58c9d706c3e30c7

SHA1
78684685ff70b93d8fc342bd221c220caee26a5c

SHA256
2b9d6a0547fa3154bbcdf6fd1439a5425e81d05485086f1f5405444ae69fcb09

SHA512
77337fbc300a54d7f24e95678f86c872743824cba830a33be9f264529c266e2efb0b877a8c2150d8634700f2a568dd373d9aef1d4b8c9f18e0caa92faf2ad374

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
72071a1065026eb25c56757ea0d5abca

SHA1
fff9cd00b09e38754c32a03b55c164bbf852655c

SHA256
785c631f10eacff4ca1e1f8f98a51ce3c5392ca7cf84ec2b93ae7b9f1f502f75

SHA512
04bda43baee228802a9c1fb5aa911f0277296618380e1d96edc81a6bcb3a64e8370558f695a0389aa8b0d910f36e91fe71c9592f52d35ecad5604173da9bdfc6

Download Submit