a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe
Size

9.9MB
MD5

e69796636ce6ad47851bfdb88ef05b5f
SHA1

ed18bfdb4a4f824c38783fd23e75f131fa1caaad
SHA256

a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a
SHA512

5d77a38b04b9a2df10f39be1db26b3d590289fa3d0bdec9094e21e83846d8fc9f90e3b5e464d1a53c6250d2ff2da3e6c27d10a366d19fee7b422d156af464400
SSDEEP

196608:IsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:IsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2776	a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe
2776	a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2776	a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe

C:\Users\Admin\AppData\Local\Temp\a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe
"C:\Users\Admin\AppData\Local\Temp\a5796ea672b5ebe634c692a16d22ca149b199b463b52c68f15c7f1e64698277a.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
f8c7cd59546e8ba04d1fd33b8534ea3f

SHA1
3d8c27a1f815f3ec7530cb5f512edaeacd861305

SHA256
0ae40f0206e9d9c6f241f46217025ee469c5ff6360756885767dddca0ee08e32

SHA512
32509f498dab883fb0e3158950acb2195d1d2a168bbc35fc1ccfd6676557c213ff4786706a14185ef1ef1cc1eada957d3a5a3e07a78730063d96821a22a0ec27

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
64c8d227a332b35e1ead036c5656becb

SHA1
30ccdafce1f95c5c1ac286058c18f84c4cffecbc

SHA256
7b1286914ab5c07da74d2fe19e78d3acd46a4c61dc28615e93ad9799b2bebdef

SHA512
54529fdf4e276e06fdcc545050088bc39b28262fa2664b6ce20eaa2fa719f8a79ef87b696e88a61f17fb030d690f64ff8419e2e30b3863549fe1c63990bdf1e5

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
8c7798dcbc0ba35bd1c9f946e37ce611

SHA1
8da8b414deef02f62d5bf192edd5176b168d2528

SHA256
5403c7706eca08a5370ad72758602c70f72306b57248fd76313db06b71eeef18

SHA512
553c64e57afaa08571253cf9fa161a5db95aa0d8b989cc4103d1308666c9449bd27eb32fe2e29c9e6de5508c348b9d0dc54ee49d90391e890c8754d1170a15ac

Download Submit