8773cc989faeb9cab67a01c33b6d84d78922db2886e9f8cba2ab680dfe2a8825

Analysis

max time kernel
121s
max time network
131s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 12:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8773cc989faeb9cab67a01c33b6d84d78922db2886e9f8cba2ab680dfe2a8825.exe
Size

10.9MB
MD5

2581dc81a227e3788626a8ee649c1265
SHA1

b05aa9b4b540a8c5b3d2ac64803fd29b072b83ab
SHA256

8773cc989faeb9cab67a01c33b6d84d78922db2886e9f8cba2ab680dfe2a8825
SHA512

837ee04d838cfdd529a91320f89deba147902bed5a8af560c10a2f4dcdac738420624f796cdb86415163828186b535ab4196e9af8c3598afd3f415528c6809ea
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2080	8773cc989faeb9cab67a01c33b6d84d78922db2886e9f8cba2ab680dfe2a8825.exe
2080	8773cc989faeb9cab67a01c33b6d84d78922db2886e9f8cba2ab680dfe2a8825.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8773cc989faeb9cab67a01c33b6d84d78922db2886e9f8cba2ab680dfe2a8825.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2080	8773cc989faeb9cab67a01c33b6d84d78922db2886e9f8cba2ab680dfe2a8825.exe

C:\Users\Admin\AppData\Local\Temp\8773cc989faeb9cab67a01c33b6d84d78922db2886e9f8cba2ab680dfe2a8825.exe
"C:\Users\Admin\AppData\Local\Temp\8773cc989faeb9cab67a01c33b6d84d78922db2886e9f8cba2ab680dfe2a8825.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
2465416e131dffa49b6052bde58e6fd8

SHA1
c5be59c299899c853b8dc3abbb56c31b08290a14

SHA256
b416cde630b12778f2a7cd59de57712b4d3c20205fadfb676ea23c14d8559600

SHA512
0bf51181eb4441aa9fd54c938b8f313d5c8fd94758038a1070ccfdb0ba20ae6425a6e0339d6295ee1c06eb43e35551e90db6278f97bceca4ae1995c7692eafb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
40cb42b654cd6614a79ef1a6a17331de

SHA1
28742c603ec0d0c53349a921aac227602d70674a

SHA256
2333c07daf32f8257a61357548c2467692ed66f1a488a43edffb6ba7067025ce

SHA512
a6ec0beac272284cd8b5f1fc2463fc8a0c1bbc464dfed9930be685841966882c3b62b4e2105bfdd1cb1565979bfc54d272806e9e83218f665cbd520a57c03b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
61863eb9ecd6c11aa3fbe000ee9e1fa7

SHA1
40f4f405f77d2fc09d91a1ff6afb015078080848

SHA256
f332568eeaf9a2dd8d8ca75b8dfa17f0af779dffedd0bb33399c08df41e24c15

SHA512
72fcc70970d942dd74b5f81a0b196a523815521f50fbf09d6f686e1d07991fe187fe65a8e4ef11913539ee5a23ade98f39adeef1457d4b91e9ec6a8dcdf8e83a

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
3a9c5b6b11360a7b82c8c16925c6e496

SHA1
6d5445661970b049453064514bb6a795aa7fa02d

SHA256
44fd93abc095279ef43bb3d537280a8ee00d75630f747a18f632092b3d41825e

SHA512
331b2c0c4ca558b118c6a4daad7da0c13935e843c66c91ab574052bd608c7e8def29ea30837ecc22de374376cc48077a1db03e5f5c882078c826cc1968d0d520

Download Submit