5bb58b960ef454ee919d514552478e5029f88e32aa3e5134c02cdad938ab0afc

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bb58b960ef454ee919d514552478e5029f88e32aa3e5134c02cdad938ab0afc.exe
Size

10.9MB
MD5

886f374b93a77262b67a54f30e6041a8
SHA1

38bb5c1fc811978b010685ee1015493fc59fc1fb
SHA256

5bb58b960ef454ee919d514552478e5029f88e32aa3e5134c02cdad938ab0afc
SHA512

e8be6b52f0ac3d907a3c5feb628bb936978bb70c2039ca8f2e25ade0ba0611b2cdd424e672907930cc4f0b062ace36ba983c01ba786c2e4f04e7e2df075db609
SSDEEP

196608:FUWWPa65SSJ7PbDdh0HtQba8z1sjzkAilU4I4:FUWW5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2496	5bb58b960ef454ee919d514552478e5029f88e32aa3e5134c02cdad938ab0afc.exe
2496	5bb58b960ef454ee919d514552478e5029f88e32aa3e5134c02cdad938ab0afc.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5bb58b960ef454ee919d514552478e5029f88e32aa3e5134c02cdad938ab0afc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2496	5bb58b960ef454ee919d514552478e5029f88e32aa3e5134c02cdad938ab0afc.exe

C:\Users\Admin\AppData\Local\Temp\5bb58b960ef454ee919d514552478e5029f88e32aa3e5134c02cdad938ab0afc.exe
"C:\Users\Admin\AppData\Local\Temp\5bb58b960ef454ee919d514552478e5029f88e32aa3e5134c02cdad938ab0afc.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
d2a688ce63b171d04bd7b1a84af6fe05

SHA1
021ca33c674b141d8838d88ea40e69d929feb6d1

SHA256
1cfc3111278a1e5745f5ebde20f19290ec3c51ed9e795d09fddb20c653d8cdbe

SHA512
c87260267f3fc5e79aa1fbf1d5cc4497976d5f607f6644655cb69c1925c85f5ec3d2f5b0e0178dade06dde1fe50c3e335c9c1b54e0961c3fdaaf1aa2272d3a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
249865c31552d7a201f44c8a68db87a8

SHA1
b5579da35c86667b87d3df1f707726ffdc3b171b

SHA256
82c07accfd7a8eb01867138deaf1215e7874b0369e1377cd210fa8cc0e86e2a5

SHA512
6ebc0aa88fb3ca8132106992cc4a085af9643e5f14e87cf2021f3cbc1ad74dffd09dc116e99b963a0b867c0934263c1d990e867de3d649593c0433c4882cae98

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
f60eb97eddaf662d717928b955f518fa

SHA1
ebc9f395ce38e8776a995bcb2eafdce38026356b

SHA256
4b896315ea3507d8aa15f391622213adeed3dd4ed7edb1207a3e55bc7de47a8a

SHA512
ac09e29b98901c7fa5e480f8ca16e4c7405c4c79837ee4d7c6057a3133c2cc8d390a2537b630446139f1f46f7457eb03571f74043a8c72f0de7b22449156be28

Download Submit