ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6

Analysis

max time kernel
35s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
Size

9.6MB
MD5

e80369709da8ca5c3ad3c005f700d004
SHA1

c41017769043d172e74b60813f799110fc8e8933
SHA256

ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6
SHA512

eaa691c33cf8247bcb362f1bd8f6c5769cb3e2f43eb0ce5b61d75b42679ed366a3c8589cfb7208403ed47772c2211f73acbf3433f361f9eb0caca625a4f10b7a
SSDEEP

98304:jUbzNQaG3nynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vVGyWWyfJpr8B:eaSSJ7PbDdh0HtQba8z1sjzkAilU4I4

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1768	ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
1768	ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1768	ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe

C:\Users\Admin\AppData\Local\Temp\ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
"C:\Users\Admin\AppData\Local\Temp\ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
e78fcc6f938f66c8dfc7d38e5b69511f

SHA1
f36365f6254ef0cb61a8d5f95d5ce3a7f23ba7a9

SHA256
bca1235993079ce1fa147cbfcf484975cb8e5a9bbed84aac31e62071630a2323

SHA512
5c2d5ff75efe49c7eb85cf563fecc3cb57b84aca9a44dff7eb172e504adc046ea42f80a8960301a7a7027ef21308010eec6c818593ef5fa0039280f85cc9e98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
c86cf07c5189b28cae8401b25b84ce63

SHA1
fbfadc4eb423968b5cfd22674a0acd4975472823

SHA256
a995fe574537e738d936baa7200f7c61e96b252a61849ea52ab0b80196583f63

SHA512
7e0fb53e87a43e04dea4bcd4d56b103c6d67e0ea3eb34b47a2442f896cf8d7b3bf67800442967496ac6da8499c550f211b6926739dd260ef3e4e4baf0724db23

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2ca51fdfad74cd0d83613bc3748f7a7a

SHA1
56d01efadf972a543bbef7a762dfa11396867b57

SHA256
1b860ec450bcd27acdb95fae7137d109a7e1a374dcff0272e71a3bc33cdc9a43

SHA512
e4f10e3d45bd74ab74cf674049181f12f95e90b1fc04d125206bcffbb2574fc6eef199d2c6b447ecacd93bb6eea5f5b988281358be64f01e2d77b97df185e485

Download Submit