089acca8b4c292ed6291c7ebc2fe2a1f4528abb0201d8efaa243899499358735

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

089acca8b4c292ed6291c7ebc2fe2a1f4528abb0201d8efaa243899499358735.exe
Size

10.9MB
MD5

83b5663fbb74f60bc3e4eb09bf1f3808
SHA1

c7eaf08ba1b7de2e0f94e119832721aa034fd03d
SHA256

089acca8b4c292ed6291c7ebc2fe2a1f4528abb0201d8efaa243899499358735
SHA512

5510dcaa660a1bf266d0b9a8f0f874c37fb172f8293e1db05fce0b7e7abe12f7c97ac5370072d0e9aa4b24b37ced467a4445491fad1465447e2a366c2def5e05
SSDEEP

196608:FzIsZwtDnJES0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:FzIsquRrDjtLKkOa8ps6puAktIz

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2996	089acca8b4c292ed6291c7ebc2fe2a1f4528abb0201d8efaa243899499358735.exe
2996	089acca8b4c292ed6291c7ebc2fe2a1f4528abb0201d8efaa243899499358735.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	089acca8b4c292ed6291c7ebc2fe2a1f4528abb0201d8efaa243899499358735.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2996	089acca8b4c292ed6291c7ebc2fe2a1f4528abb0201d8efaa243899499358735.exe

C:\Users\Admin\AppData\Local\Temp\089acca8b4c292ed6291c7ebc2fe2a1f4528abb0201d8efaa243899499358735.exe
"C:\Users\Admin\AppData\Local\Temp\089acca8b4c292ed6291c7ebc2fe2a1f4528abb0201d8efaa243899499358735.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
349c3125431af3057387321614f92543

SHA1
096ce53e49a0d73a0663ebd8a2547951dad608d4

SHA256
3052d9ba29cf09eba88aad4813e357f68f8c1ba7bf2b30fb5df154a4ee009cb8

SHA512
d9d0c9ec75545e0b949c77709a253c16885ddfa6016d349fff0d7d4fbe3755d777b54f4eb903eb1ac516a3bd962b573610f6132bf026cef2645263c9a1f4ecc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
8538a98c39c4ae9d1cc7c61276a56cdc

SHA1
b093446a5790661c2d6a37260d894db71779a239

SHA256
ee770722280211294224130a45795bb6cd847560a7d0357e836ed90053aca9d4

SHA512
54edb64d1be99c3c4f694aa34e204ceb145183a8b7c2fb90b97ff13d3f16bb042eed7ffb7614b3d7d8f97deb84eb93769cc1b8abfc6ab3f2563489590aa8736d

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
e136eda34b589f67990cbbcd8f7478cc

SHA1
2b8e1a3a28c0e83991fbfe980d33a159a232de67

SHA256
74be3853bd3e6239e31d94393909592a1946e98d7d54cbbff4d15376ff2aeca6

SHA512
f41eb72e4f9fb0f3d5d3cdef569961640f6f6c8389cbdebe3bc72d9bc96ee4717d8c1296b0532f146b3c822099fbc9b0e2a802076437ae961013fa5db27a7977

Download Submit