6d7abd43e0f03e45e85e70997c26a0b82e4948c020028fbbc69ffdbb1a006726

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d7abd43e0f03e45e85e70997c26a0b82e4948c020028fbbc69ffdbb1a006726.exe
Size

10.9MB
MD5

1a5e8f2c466541344196487dc9cc990a
SHA1

8eb0a95b9ea32ac979d53a11cb418b8d4751f13d
SHA256

6d7abd43e0f03e45e85e70997c26a0b82e4948c020028fbbc69ffdbb1a006726
SHA512

a37d5dbc4264bd5f594cf3c482de54ba0d3e7d9398d2d4343c25ebe8b207c7c49635105c445428d6cd8b79d0426f02f8d826ea7908bb9fc4d4588a959ccbe1d2
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
1960	6d7abd43e0f03e45e85e70997c26a0b82e4948c020028fbbc69ffdbb1a006726.exe
1960	6d7abd43e0f03e45e85e70997c26a0b82e4948c020028fbbc69ffdbb1a006726.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6d7abd43e0f03e45e85e70997c26a0b82e4948c020028fbbc69ffdbb1a006726.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1960	6d7abd43e0f03e45e85e70997c26a0b82e4948c020028fbbc69ffdbb1a006726.exe

C:\Users\Admin\AppData\Local\Temp\6d7abd43e0f03e45e85e70997c26a0b82e4948c020028fbbc69ffdbb1a006726.exe
"C:\Users\Admin\AppData\Local\Temp\6d7abd43e0f03e45e85e70997c26a0b82e4948c020028fbbc69ffdbb1a006726.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
f984bbb6a2666f4d2ea9f05f38c515ee

SHA1
28f4cc1d7ed207b7421add38d41144d21f391e12

SHA256
f9bc542d845929a6b5664ff78adef92a85bb20fd04021f11652916c37cdd1142

SHA512
f170769cc816f5d4ae537fea3886564c8bd921e6b885689774332eab28d58a1a88c15c3945f8afd87701f85538c0f20f8a7d41ddc76ff708e9ee6606dddd91dd

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
c62410d70ef7185aa5bc8d3b74e9698c

SHA1
faa75dfc4617b2e971dc2e13734956911f0a0c31

SHA256
ce62fe014b547ea67f401f86ff7df53d39a58d94838f063b602a1e0d1c160462

SHA512
4199c57fc8d5bcf160a9e29b724f80339383ae986c270ce11501b0ffcc2993820b39afafe11916ba352adb0b39618412b61cf603e73bd67cec4d7c9d98304e8a

Download Submit