661c8cce7fd6e3070d15e3f833ac5efd834b0320f308144c9dd23d056c8fcea1

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

661c8cce7fd6e3070d15e3f833ac5efd834b0320f308144c9dd23d056c8fcea1.exe
Size

10.9MB
MD5

ecd8f517158465a35aee7dee7f19fa77
SHA1

cdbe28702d096dea30fda867f943bf666ce799a3
SHA256

661c8cce7fd6e3070d15e3f833ac5efd834b0320f308144c9dd23d056c8fcea1
SHA512

ad19b078d126cab34a997dd744594284a397c2a1a984db620796a37ca2a011383978a99a384b1d985ea139a646e101f41d0f0a8539b7f9252d9b2030b3077006
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2656	661c8cce7fd6e3070d15e3f833ac5efd834b0320f308144c9dd23d056c8fcea1.exe
2656	661c8cce7fd6e3070d15e3f833ac5efd834b0320f308144c9dd23d056c8fcea1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	661c8cce7fd6e3070d15e3f833ac5efd834b0320f308144c9dd23d056c8fcea1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2656	661c8cce7fd6e3070d15e3f833ac5efd834b0320f308144c9dd23d056c8fcea1.exe

C:\Users\Admin\AppData\Local\Temp\661c8cce7fd6e3070d15e3f833ac5efd834b0320f308144c9dd23d056c8fcea1.exe
"C:\Users\Admin\AppData\Local\Temp\661c8cce7fd6e3070d15e3f833ac5efd834b0320f308144c9dd23d056c8fcea1.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
2df4a70676d940fecceb41127658dc22

SHA1
14fd654cca9e112931bf78e21a4cd92ff02496fd

SHA256
3e26f8aa674d67e78b6a03fe68219ed8643c33b105209401cade719bfa526419

SHA512
46a589b310a14dab510de67a13af5c8ae8dbfe2bcaf2918a9e0ebc1c6e699481b0b2276d4b372a0426572336c5ffd6609169cb3fc2d6980d1657ee4872cfae90

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
93629fe08fcf02837a0c441b6b946a96

SHA1
28b1fba7753b41b2e9df2655897c1be152e8d5ea

SHA256
39f0196a3b16053be21f4fd667dd27c2b8df69d7037df993964d94e713ffa625

SHA512
5c162c4465b5c408e73bbed7a690c3b595a8a75c90306fb8bb5da9d10e6e3e2c5a58196c01e21d69a060fd207b2a85699d51bc7f8d708d9f16de593bbceca83b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
38301f9f9d253b9bd1b6bdcc921a7759

SHA1
ce0db92ba645c944237af88e1642603a1e89dfe5

SHA256
d7266c341c5e2706a3aaa1821712ca1de5e48f06a5aeefbd7ab9dbb5aea3cb8e

SHA512
3828304cba2139f858022750e8d1ca42b3daecca6d6e0b4c4039d214c4e0b5908670e9f1bd0b5b77a1efe8af311fc340fa32661365c4fbb66afe0bd54f8eb5fb

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2992a9b14af1ee90358d8b060f1ccd72

SHA1
a4189678a476e5306da2a3b3f71c8234e2528186

SHA256
9cefa4eda2b58ce75df7ec6710a646cb1cb355b16e1b68b94986679a800c0d38

SHA512
38cd08e764418d0d48ab291d175b8fbe0ce516e598b6258488819e6a06b21addb5dbd155fe72f4a96e968f233f18bdf096977f36c4e038a942dbf6c3b38bdf5e

Download Submit