0c0750129ac77a52d2adecd864cf370741462a50ee6e3fb4acef693a91c8d834

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c0750129ac77a52d2adecd864cf370741462a50ee6e3fb4acef693a91c8d834.exe
Size

9.9MB
MD5

cdaaa3c8a5328758a9545143f9909884
SHA1

4e7c409b3e998dcd9343015a355a301fbb102e05
SHA256

0c0750129ac77a52d2adecd864cf370741462a50ee6e3fb4acef693a91c8d834
SHA512

52a6523572e40ddc5edc533be57aca85cefbf29b6a12ceeb6685c3fe6669f76f93cbe9cfa6ff640b256a21e8660865c1f069ccd93f9356e291210197dea9dcf4
SSDEEP

196608:yvS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:yvRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
3004	0c0750129ac77a52d2adecd864cf370741462a50ee6e3fb4acef693a91c8d834.exe
3004	0c0750129ac77a52d2adecd864cf370741462a50ee6e3fb4acef693a91c8d834.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0c0750129ac77a52d2adecd864cf370741462a50ee6e3fb4acef693a91c8d834.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3004	0c0750129ac77a52d2adecd864cf370741462a50ee6e3fb4acef693a91c8d834.exe

C:\Users\Admin\AppData\Local\Temp\0c0750129ac77a52d2adecd864cf370741462a50ee6e3fb4acef693a91c8d834.exe
"C:\Users\Admin\AppData\Local\Temp\0c0750129ac77a52d2adecd864cf370741462a50ee6e3fb4acef693a91c8d834.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
e55909fdb03c9d92171b98e1a66f872c

SHA1
87cac4c06d039734d91466749662a0bc540554c8

SHA256
810bc62eccb0617fe725ab55363c0cc7fe9ede5ab4ef7f041a13cc72f2798fdb

SHA512
fc367da97d14bbb1e2b0491736e55188b07ecd294d4ec0c9387a129aa4579c64d8e81ad355cce4821bb57d4229d27c5b9c7119ce51d782caaf884e4705c297c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
4b1007eebc26fc68956830730119ed90

SHA1
ab5c242386b6b0a3d025b2ea9ad0b53c3c157093

SHA256
ec9c5a721e57237a6c2a3e6c60132ad89660e83bcedfc81f0743416d19f20959

SHA512
3e33be7c1a833babcfaaa075e202538d7934397aa77a3c7560aa9670315f045bba45dff5acaf46c75313f0b38ac0832ba81556e93fc5d4aa9084386ed0586edc

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
eb92f5da6d8d7de3b60c6a8cf84cbd62

SHA1
e99611692c7babb26c4bb0c36a7f25c8e8f8e036

SHA256
7b12da090e67f7e3fe5ad8e33ddf7e844d8031ccc5e67ff6026197244fe7b3ef

SHA512
510a9852f945fd0f50bd5d8b02c6d64118f54ed7e1586d5fc5e0b11d43420c7d44bc1f36f4682005d059723225fb45e50e65de2349172b17a72b28fa821c2d43

Download Submit