7874729b1894e7d7b95d0e1d8a049c3aca9caff76caec2a5ec311560eda93afb

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 22:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7874729b1894e7d7b95d0e1d8a049c3aca9caff76caec2a5ec311560eda93afb.exe
Size

9.9MB
MD5

da1c7c6f8124e5862561472b451216f9
SHA1

198d363c812897af5a47e66742ff854891b46bdf
SHA256

7874729b1894e7d7b95d0e1d8a049c3aca9caff76caec2a5ec311560eda93afb
SHA512

589f6938c51d1f66a61e7159dcb5098f2f350bdc89f282a9fde5ef07e38f3ca086105ba8e5c5009e037c7426c25a6d5563fee95901bc88f86f034590ad4c342c
SSDEEP

196608:NfS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:NfRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2736	7874729b1894e7d7b95d0e1d8a049c3aca9caff76caec2a5ec311560eda93afb.exe
2736	7874729b1894e7d7b95d0e1d8a049c3aca9caff76caec2a5ec311560eda93afb.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7874729b1894e7d7b95d0e1d8a049c3aca9caff76caec2a5ec311560eda93afb.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2736	7874729b1894e7d7b95d0e1d8a049c3aca9caff76caec2a5ec311560eda93afb.exe

C:\Users\Admin\AppData\Local\Temp\7874729b1894e7d7b95d0e1d8a049c3aca9caff76caec2a5ec311560eda93afb.exe
"C:\Users\Admin\AppData\Local\Temp\7874729b1894e7d7b95d0e1d8a049c3aca9caff76caec2a5ec311560eda93afb.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
daafeefae1647bf6336bec556ab42b47

SHA1
f3e09db7c7c009bfc192d86bf940791c0ce0b779

SHA256
c4a1ad632341d93e717122d7bc973ea5b7b63874324c67d72f19d28940fc9338

SHA512
120271842ba7f9be526cdc72cf548e059a27e5cf87eee5363e01677a9989cba82971e9409621396fc7a60f93f9293ae2fdeba34a260502d89bdec717b46955da

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
e04a133400de08c4fc7b612ae5d4bacd

SHA1
8bdb3510b0d439f514aa41cb94b736ee86ff537f

SHA256
d3b95544d0d49139f9cd5848b3137cd8584164d1ef37bdcf6d83c99ce5ea99fe

SHA512
df7c551ced6aedcd50d93975531bfceaf968a1d5e7f978835fafe336ebca42f1ef33df1245ceff088ee8c9a1454b25b8c6d9d88b3fdf823be6a9391ed4615b15

Download Submit