ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe
Size

9.9MB
MD5

0cd2a64e1544bd865d2e4f6d2ec7fc61
SHA1

06a3f9a49892991020f8950fb077c14f29811cf7
SHA256

ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7
SHA512

0d9077081294aa3a7589c3e82281a1829afa5ad7551f853234788c7ca8c728aaa250afb4b66035063dc0af8d3d494140424ce1535e52678df8e2fd9aaca6db2a
SSDEEP

196608:IsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:IsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2828	ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe
2828	ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2828	ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe

C:\Users\Admin\AppData\Local\Temp\ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe
"C:\Users\Admin\AppData\Local\Temp\ec7bf73a0dd90ef1a0ced23dc71f03b4c6892dd9685f0ce48153b6954c9879e7.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CabF145.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
899fe7f81d5b5c678de6698bbad1ad0f

SHA1
9cc7c90a422dc6654014a552887b17c8f537ffc5

SHA256
d598e7a261c7d3c44bfb3f2051943e89602209eff4e0d959380105001a1eec82

SHA512
05149d9fc80d44cfbadc69af1fbcd87eedde9871fedb1a5478e7612e7ddbe82ade3f41be2634ef624131681d85bcf90ce26037175a4fa46d153dcbc886b1e61d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
0d512e42de27275f22bb976d043d77f4

SHA1
8ad19ac9c5f338d9d86e7032ea81a75fd64a8bc7

SHA256
0f43064ead42156f89318f80c46cb64168dcc4606334f8f95388758d830b35ac

SHA512
35eb6856b3511a82896c2e67380b559424d92c4fd9fbd46b6e3d3b70b8219e7cd9cb465b6f9676cdc353cabe9e587fd4972d9309feff61393fd4d5a57cbf7a10

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
cec1c781bc0094dbca01a97e00802737

SHA1
9559f30667e488fa6fad706f7c1886502f8daaf6

SHA256
63b7b8a2ddf5073f6e0287d883c3d70cfb82f75223f95d7eaae73add85e389d6

SHA512
ba90269cad5c9feaa88a7867ef7f2cc71ba8ac166d2916ed8efc631077c3ce20a3fdf0c657168ac51f338b0a7ffc4e4b8565dba56c15246384364e59e4c121fe

Download Submit