b7d2ae452ea7a5ca54c2cf066144174ccda210dfd30936fda1879f0d623e382d

Analysis

max time kernel
124s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7d2ae452ea7a5ca54c2cf066144174ccda210dfd30936fda1879f0d623e382d.exe
Size

11.0MB
MD5

b999ebd5c7847ef52792e69a21dadef8
SHA1

ea21a16816b58aa7fb47834b67d354348951ad66
SHA256

b7d2ae452ea7a5ca54c2cf066144174ccda210dfd30936fda1879f0d623e382d
SHA512

5acf1514cfe00e6a1110532a0922f858bb5a12aae5761f3e99228a3598c5ae9ca964df013ac8c0d674db3d08615457f86bee23a00e6d55d692f9fc92cf844eec
SSDEEP

196608:J1WWWNNAsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:J1WdAsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b7d2ae452ea7a5ca54c2cf066144174ccda210dfd30936fda1879f0d623e382d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1388	b7d2ae452ea7a5ca54c2cf066144174ccda210dfd30936fda1879f0d623e382d.exe

C:\Users\Admin\AppData\Local\Temp\b7d2ae452ea7a5ca54c2cf066144174ccda210dfd30936fda1879f0d623e382d.exe
"C:\Users\Admin\AppData\Local\Temp\b7d2ae452ea7a5ca54c2cf066144174ccda210dfd30936fda1879f0d623e382d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
6facb365dc2d89f815b565cd84f0f89e

SHA1
468448a1e57b1cbc605a32a0ade8199ac7e41677

SHA256
cef334a4cb7ae4a2d6cd6149f47dd43ed556cc8dbe7206d26c0cbd15b7b28ac4

SHA512
2e2cee8aed9bfbccf4daaafe77cad877fa2edd31d9834a02d7cff84be7e34535a540549b30f35898c689a9571e4b14625672078ec2af24bd6f89599fd1085322

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
7db064685ee542c165ec51912d8ca202

SHA1
451bbe470cb1d3df653b52a822044c27a220a716

SHA256
4bc9f91636d10e45b29d5186111c9d9bfabe8171b16adc58ad4320d7882c151d

SHA512
4d85cae84efb3375ba032a5e1d8a792781b31f94fbdafce4d0d4a96d3a75f49f88d3dbf6e48fa4d883a5b1fe5d7a90fc0f57e5defba6bf22e5627f17be4f20c9

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
1a276767a3222930c1eba70aed32b9fb

SHA1
4f12e4a0ee19920b9d3e52ddd2942ecce59cb247

SHA256
70b01555068dad189ef768ce4e84ac145b78f458934246a1c47b62e601463d71

SHA512
9c81de3ea97564c824b566a3d91b69afa365665aab49c2600bd34a1fcfbdcf2d191a571e19e2aebe00780585a687522a19718cf9d045b8aecee09c43522927d1

Download Submit