9833d4dbed6d3bf4ae90160c4db3b5309ba6bc09792ee6c939d8fce4b7f35b76

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9833d4dbed6d3bf4ae90160c4db3b5309ba6bc09792ee6c939d8fce4b7f35b76.exe
Size

10.9MB
MD5

cd33accfaf916350c1fff0799fd1abe0
SHA1

8880084c89d8763197e6e55878c356ea64d63c81
SHA256

9833d4dbed6d3bf4ae90160c4db3b5309ba6bc09792ee6c939d8fce4b7f35b76
SHA512

6ec32b3e365c2af92a4ef3bc9eea48d20baaa4e632ed17339509c671e0454ca818f95b653320c0e24df1257686c3949fcb9f0828433c9b6d1ebd3310d4b31ce7
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2224	9833d4dbed6d3bf4ae90160c4db3b5309ba6bc09792ee6c939d8fce4b7f35b76.exe
2224	9833d4dbed6d3bf4ae90160c4db3b5309ba6bc09792ee6c939d8fce4b7f35b76.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9833d4dbed6d3bf4ae90160c4db3b5309ba6bc09792ee6c939d8fce4b7f35b76.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2224	9833d4dbed6d3bf4ae90160c4db3b5309ba6bc09792ee6c939d8fce4b7f35b76.exe

C:\Users\Admin\AppData\Local\Temp\9833d4dbed6d3bf4ae90160c4db3b5309ba6bc09792ee6c939d8fce4b7f35b76.exe
"C:\Users\Admin\AppData\Local\Temp\9833d4dbed6d3bf4ae90160c4db3b5309ba6bc09792ee6c939d8fce4b7f35b76.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
d3bae4e1d0432f0b52774173a1736da7

SHA1
adb907dd2069799f7503390fec24bc319f04b539

SHA256
7f6f8939b2349ee9cf2fa7b936c09bbe211f639647d4759bb021049b03e22e56

SHA512
a4686e2856f43dcb70fa372898f984c2d8c1114269a962174757856aa5a3068ddee860961af47999f081593b76215af08e1258cc1a1f3ae0f7b9baa155d1b42d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
97bcbd18ad38cab5dcaa61025085b93a

SHA1
64c4a09e57dc4e0d4e84bba4eccdb5be82cdd373

SHA256
ad5840d4cfb14d929aaf66dbdf8d04b3cfb4a3a73df7f376f12936454bc5db54

SHA512
af626ce0f82843b10dce58ce14194edc2e54668bc3fc06aea9b1bf9a3660b0250ef3eb34e6e8668c52bb8b9eb9163debc8c22f88bc02aa0d0456384547ee2736

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
721a91793f2feabab97db1002e347be1

SHA1
d556f1a446fe49ed094b16b997093e1203c1ad2f

SHA256
bdf5c73de18be783d27f9dc92fd6d5c1ce12a75274277b6b7551a2ff4ccddc8f

SHA512
198f3c334e7ef0cf6af43dff6384b613b33b524bac85ab3e73b7a81edc80bba982c902e14d56568cf109ba84c4c4dec903426f0cf9864e77ab66914c054aa48b

Download Submit