f700c0f30bbc25f649756208476da42d67613a9cd0a76ca9ed603d58a6be7c6d

Analysis

max time kernel
117s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 14:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f700c0f30bbc25f649756208476da42d67613a9cd0a76ca9ed603d58a6be7c6d.exe
Size

12.1MB
MD5

0d5d24ccd23657e74e3316aaca8a4807
SHA1

6334ebf1735b513ac6c99e67f99326785ae7fa33
SHA256

f700c0f30bbc25f649756208476da42d67613a9cd0a76ca9ed603d58a6be7c6d
SHA512

0f8a6898b8369d697a8c9e0925decbb3a4028384940f59f8f9604b81f511c9af7c8997cdf5f132164eda79ef740225d8df1c40ed4558c2f6b379c2fffb8379b6
SSDEEP

196608:GvuodItYi3fcRS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:GG/Gi3URrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2576	f700c0f30bbc25f649756208476da42d67613a9cd0a76ca9ed603d58a6be7c6d.exe
2576	f700c0f30bbc25f649756208476da42d67613a9cd0a76ca9ed603d58a6be7c6d.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f700c0f30bbc25f649756208476da42d67613a9cd0a76ca9ed603d58a6be7c6d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2576	f700c0f30bbc25f649756208476da42d67613a9cd0a76ca9ed603d58a6be7c6d.exe

C:\Users\Admin\AppData\Local\Temp\f700c0f30bbc25f649756208476da42d67613a9cd0a76ca9ed603d58a6be7c6d.exe
"C:\Users\Admin\AppData\Local\Temp\f700c0f30bbc25f649756208476da42d67613a9cd0a76ca9ed603d58a6be7c6d.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
7fbc54b94551828846cd811c8b77ad07

SHA1
23789fac32f5637c2b5eec57d39a406313c4f764

SHA256
e05249a5a2199094b5d31a9e56887a4bc4f7d9b0cead1bb33796c766483a6d12

SHA512
5dd0231a7c652549f71847c2c3afd57ef6ce08e5a263628d45c465eaa915533b15bf9fc8bf1e8db472c0f40edd5a665538e481226af46079e7a0fb805be311b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
0629cd6259ae712c3b039d0129ba3296

SHA1
20242e0ec6e5600dc333be738d9af06df8b337a9

SHA256
da34c6eb6707168191a0e365fc5d6e93a2a3d8f5dedb6e2b53cbc92b89935578

SHA512
6f1e89bc81d9d96dd15a80a9966a113c4c7fa392a89c33bdc66136c644027ef7d1d96f2e5e494285fc6e0441f6f2f72b342eefe15f89538690786e151d6c6b0f

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
d587f90e93e05fc4d652a270ad9c6889

SHA1
1155e61de8f81550f59c19b06ac1bde8eb0730b5

SHA256
d626398cd523ef5c58fe0ce75091873b74872ebc96cb9e56b5aea7d2c85ca926

SHA512
6437780cba6915dd681ce5d52294d97cde1ce2dee3de190f8fdfc545d9423255612c4e4fc1671c7f5ec94363dc367714546482d2c316d88539afafff583a273b

Download Submit