1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3

Analysis

max time kernel
118s
max time network
150s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe
Size

10.9MB
MD5

94dfec38d5696b6254089ded4dcd478a
SHA1

7dc83c1fddd1cee2f6ab780c47bc6204f6d90cc0
SHA256

1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3
SHA512

ea093650984a6a25931b5d3ec7b188ce9b6220716ccf69986750dc8e8fa08fbf2e3bc21f7287449aa5d5e5412e0cd7e0433219e57ac766ebcfeddfe64e9eb60d
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2100	1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe
2100	1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2100	1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe

C:\Users\Admin\AppData\Local\Temp\1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe
"C:\Users\Admin\AppData\Local\Temp\1cdbc8a89550af0dfc3b18bb00c79d6ebacae875ea365dece6a1a3c7261e4ca3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CabBB37.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
5365f0fb8c750bbd41116cdce9df5775

SHA1
4c4d6fe4bfe16182abd00330b1b7876825d9e170

SHA256
bb035b34c4215a6f1792d90bc0319e7c7612d9f26f560ab25b8f576594df2a69

SHA512
181a9d749a052f15c783af347a9fc90e5a648929467eb84e7b2aa1de004da9b555c57bc915c6ceed97cf5ae9fa24a6a0df7293f69578e312dc5a307684d6ec48

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
11KB

MD5
9b45e79a9d400dfa1ee5bf88ca4a22ea

SHA1
4081a59c4f889397ab74787380667d037d57ad78

SHA256
336fc4c3bf207207ad8c87f41a2578cc9f8f79ff5a0166244670208deb6a917d

SHA512
3c46ae9792a876bf0ff722976a0b5d9cb1e9c1be8118be50de0a2b9e5c5e84d57440e1f39c496b8cb65e4ba3beb30260948a89ff680ab9620eef9324e4bd15e4

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
9bd799c486c26a61658efe3088872e28

SHA1
a86a247f47d21a8312bc687e37011975a9aa4c2b

SHA256
aa5efc8c812f4e14a2cbdd462940da8eca4fab70ae7b7cdca9e45732aaa2b7e7

SHA512
cbd96060d62ba934b00465f35e5ed76eef81c54523374d56130139dfdae7156b9ea4c6df02eb21d63687b8f6db612f6686870b3c509b7200858d99a1dd156cbb

Download Submit