9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe
Size

9.9MB
MD5

1460d169b4e85d2c5ace8ff4f96e76f1
SHA1

7f4c6f58aada84e42cb9f20e39733d1321829955
SHA256

9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35
SHA512

6980e8fc7d0391ad8975580b01ada9d4b6f8b627370e45fc7ec666bb1a41cf4d095beb2e910dd458d014754156964112b09bf60250c8c27f4b42d6b584ea2d2f
SSDEEP

196608:yvS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:yvRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
884	9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe
884	9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
884	9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe

C:\Users\Admin\AppData\Local\Temp\9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe
"C:\Users\Admin\AppData\Local\Temp\9ec0d2619dda79b2dd133f5a68eaf160dd4f4b230704d7f67beb6c86eda76c35.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
4326db232f34c0dc44a4a6adf0dbcb75

SHA1
2bb2f62cc9025371691caec8dafeba1bebe40ccf

SHA256
ecbc66cc3b170c4ed9c3cb85fe7ed2d7747b017a62f9f916fe4e89aed557c5b0

SHA512
9f9d87b6218d3984982cdcc6bd79ad2f7dfb06ce0fdb133e558efb5649dd281900be5981d02723ddf501dfab11d964009b7c3be119283a0c83e17adee5126720

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
cb9edbb2e7b60d36c80c2ad61fc575fc

SHA1
c6cbd27be7d1ecf9a1b19fe3c88977401ac5c944

SHA256
341e6ccd3a98b382e5f4de5189197e8d581f3da3520ae738ec66ac9f18d8824c

SHA512
0917d4e303d40c20c054d294d8feb3dececeb1f0f19ec4258f627a9a8017645ffb329e7135f17a9ed9af0b08ef8aec1185d217d13daf336dfa424f326da92d89

Download Submit