ba43fc01fad8267708cc7f8405e08970724c198bf47354c0d9706d3c57a2482c

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba43fc01fad8267708cc7f8405e08970724c198bf47354c0d9706d3c57a2482c.exe
Size

7.6MB
MD5

b66774408494181c3180963e95b48404
SHA1

51ad154ad4ae223fde69a2c45f3d5b007dfce6ee
SHA256

ba43fc01fad8267708cc7f8405e08970724c198bf47354c0d9706d3c57a2482c
SHA512

b260873a639d9ca443d3e78f3f056f28b97cc76626214e3120ae724eb07507d90025a65bd8c919655e8581c9a96098cfb4b31f7befdcf8b502aa6e992fcfb35c
SSDEEP

98304:bP5mq4RW60WR+Qrvg7D1GYOh8NbFPAQwDfWw08dGODav43c9N6:b6R187D1GYOeNlA7W38NDaW8N6

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2296	ba43fc01fad8267708cc7f8405e08970724c198bf47354c0d9706d3c57a2482c.exe
2296	ba43fc01fad8267708cc7f8405e08970724c198bf47354c0d9706d3c57a2482c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ba43fc01fad8267708cc7f8405e08970724c198bf47354c0d9706d3c57a2482c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2296	ba43fc01fad8267708cc7f8405e08970724c198bf47354c0d9706d3c57a2482c.exe

C:\Users\Admin\AppData\Local\Temp\ba43fc01fad8267708cc7f8405e08970724c198bf47354c0d9706d3c57a2482c.exe
"C:\Users\Admin\AppData\Local\Temp\ba43fc01fad8267708cc7f8405e08970724c198bf47354c0d9706d3c57a2482c.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
b38d63fcc0fffb9528e36e711bbe790c

SHA1
f9f208acf1aeafd2f744d21e528e5016ef309630

SHA256
434518ce2cdeec5805245e0924ac25f289f31446e3cfc3f6a75f7960a1b6acaa

SHA512
65af149d7aed9af73e5133dabaedcbe7adbd10b1d678c5afeb6bbaeaf1fb2a65296aea1a003d274a9f659e1a7e6eefec032ecb0b5d1aba232b30e3f9c86118cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
1ddba2b300765bce43007981d8627520

SHA1
c57497c82eeff1fe2327ea3a476b8696e97f60fd

SHA256
e09df522a5f1ebea9d14986847dd6022812fcb352870cef13d08269b405d0afe

SHA512
920c34ac38055ac99dc3b44d923e5ec22c0dd3e2a5f34e86cb08ea67d3dc28cecb522b0bf27af8e9d1363f44327d5d9b6d2e9e5bb07d43ce8f1dbd606a046374

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
f12fa11de8cbe14cb1c2ea4db34da129

SHA1
883f01b6c99b51bfdfb7ccecb9f74bf96a9a52c9

SHA256
9850a6339b6c6dd644a08f4a3f6de551d6343edde7abb41bcc7314d380e5a2ce

SHA512
ab2592c4f751d97c1b495723f6625721f8ae5ae1e8f3fb61debb26f8b83cc7f8eba0d07e67dc20f9f183c63bbba68186a8120c8c3c31aabe6f971820d1d23c67

Download Submit