45d619906eba23443c511d3fc249dbdf7465b7e7bfc19a942e61ebdb3d5727de

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45d619906eba23443c511d3fc249dbdf7465b7e7bfc19a942e61ebdb3d5727de.exe
Size

10.0MB
MD5

c4574444dd4c0c8a9dcefb782eed9cd9
SHA1

fc309903b9df74430bd07fd4270848531f221bfe
SHA256

45d619906eba23443c511d3fc249dbdf7465b7e7bfc19a942e61ebdb3d5727de
SHA512

6eca515fb441964742821add25bc4f83360d1db557c017d2cdb171ff15ccb645bc0425db494907a4d8b5db0efcfe75cb1fae46aec5a02eaff62ee6b54719cd5d
SSDEEP

196608:arS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:arRrDjtLKkOa8ps6puAktIz

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2388	45d619906eba23443c511d3fc249dbdf7465b7e7bfc19a942e61ebdb3d5727de.exe
2388	45d619906eba23443c511d3fc249dbdf7465b7e7bfc19a942e61ebdb3d5727de.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45d619906eba23443c511d3fc249dbdf7465b7e7bfc19a942e61ebdb3d5727de.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2388	45d619906eba23443c511d3fc249dbdf7465b7e7bfc19a942e61ebdb3d5727de.exe

C:\Users\Admin\AppData\Local\Temp\45d619906eba23443c511d3fc249dbdf7465b7e7bfc19a942e61ebdb3d5727de.exe
"C:\Users\Admin\AppData\Local\Temp\45d619906eba23443c511d3fc249dbdf7465b7e7bfc19a942e61ebdb3d5727de.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
8aca5d060c9d460be997f46ddcc70a6a

SHA1
7b1912333327d392284ee694b6179fdb22a0cfb1

SHA256
bba0061e76691b3e3b7084d29744eaf84a815df2ba708d4507e3affdd3091c27

SHA512
35b9f1cf3beff71c0f7cd9a967e75d4d93140dfd5bff20b794328351e29cf7965118b2f95bac81df540091d41d077effeedf5ef5611698b51b721c8566674fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
9ef2c2514f645fd1a3b649c69fdae969

SHA1
fd6949f67001f866794870a2972d8360b38a0d9d

SHA256
1238c9d2cf5880dab54c9567116939cf7d3f401c0f706fa6143ecf757c75bc75

SHA512
b8555c15b9a07028078be6affcae954a807d7e7520b372f3f4cba69709a0b37702b6cde946a06d6d33599c1f326853f5864746e911dc817b740e2f6ade7f35f1

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
31eafcc412a23476e49c2c80541a182a

SHA1
f30bc5d525332a9773f4e36e99ff8ad2d9a111b3

SHA256
e030341aeeb91e293ac96d828bfdfce2032f3dce2433fc4f65f77116c5e47811

SHA512
4ea8ce44c643efca5d305ff2726b5920af6e683e708c62e290806d9f8a415bcdb80198c9bf1cc6e54a038fb638a40799f688d9c7570569bb4928e423ae5f327a

Download Submit