e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe
Size

9.9MB
MD5

e693f244c965316c982d1d31464b89cb
SHA1

9e531d4c06867036d5b5496e5b35062f30a0b7cb
SHA256

e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1
SHA512

18fa5f12283317e0d0cb5a1edcac3d3130de6e8878e1d071154e7081b030926ffb17d09680739c8cb1d1d5616ef69143e8afa66abaaa0ea0c5207f89109e77f7
SSDEEP

196608:0s+S0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:0s+RrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2372	e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe
2372	e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2372	e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe

C:\Users\Admin\AppData\Local\Temp\e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe
"C:\Users\Admin\AppData\Local\Temp\e566ea96fbaefb53e8f6d9096a1e5dd441579d66cb4e29384d475f2c3bb447f1.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
11KB

MD5
49f5e530fbf9c9c534470f3be38e5b47

SHA1
5eb748e397e8bdbaa27d08dacd31980fc478aa9c

SHA256
84bebddf4b5369ba805ca368e788c1aac2a5eecde366b6fdd42d132bb422e81d

SHA512
51f65ea6bb75ad0d276f6662a96ef9019261bac5f9c95eb84c9471207a31000e5b8606b5b4b2791008df9bf7f2ede97d87e0a9f416dbbd37528e811184718ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
1ddc00ac1236d184d30542012460564a

SHA1
4843e8b82d39b2f364b7219adbcd55b6a0c4a403

SHA256
c39049193fc404fccf59cd9e935d8ca0eec68bf20339e62b943ce671b7b8804a

SHA512
3d431b7122faaf9c927e33cc9720c5741320dd68722878b1d653be12d2f7384f746f3931216506521001fc398f0485e77bcdf080460ba2a2053fd4c9e1b499ab

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
db196533883f46b66dd660d7c040d51a

SHA1
dee9b6e83615f92314a7a4fdbe37eb6a26f21854

SHA256
4a862748d9da1b1452fa1e579ba5bf0f3812671652966f4eedfe65b5cb8dce4d

SHA512
c4134d5a4310aa9af25747afb785d40d91cb67419bbd873a1dfdb97e9b0a1cff3e542fabf422f10fbf731a916b5a87c2e99210abc68c7624482005e6605d56d5

Download Submit