a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7

Analysis

max time kernel
117s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe
Size

11.0MB
MD5

ff17c23c8ff7ef3330f77b431fcc2846
SHA1

4c0a982537f681f970a48215a5a768ce4d075c35
SHA256

a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7
SHA512

11fed89ca5c0d61b7f94d42d6035f99831d8b107c14c2ff7265df0bec1fb21fe92d1f148a8091d8056072a12696c808fa853905f414b8bc28442ab7d3297aafd
SSDEEP

196608:J1WWWNNAsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:J1WdAsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2812	a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe
2812	a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2812	a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe

C:\Users\Admin\AppData\Local\Temp\a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe
"C:\Users\Admin\AppData\Local\Temp\a33404dd8d80e3a8ee68f4087eba799bbf4639d1e99a75f1635df19a3ca2eec7.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
cea28550fdb21d4c71b487f001738994

SHA1
5c18b9807a585c57ca99e9289aee3c25fc101893

SHA256
bc7d14cea8350436c764b8326964e48e33d969e8381ee09429076d31cc5d5973

SHA512
6b9686e4d00bf47f494a2103f37257f0380f4fbdfd156b91b318274f95ec94aa367761429bd8c621297babee4d66b90e9ffff7fe8360d57bee37a49717c18749

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
37c305412be1214e68416cb599e8e9cc

SHA1
63094e0767ddfc2c87f23f8dd128f32c1161c235

SHA256
dd65f7fde92059d7274d658610395bd3529e4901589bc6f94266a181d83c2299

SHA512
f281d61c8fec3f47ea8b93a244dd983edd2c25117045559eaa0dd05af9c64a010e6f8c80ecf66613b1a1e58df5725b3867c227d84af4e01ef22186eb9d171c93

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
7a677b19ae47afa06e96202c48213f14

SHA1
4f604cd8a6f5bb04a11d9c305c0c3382870a1856

SHA256
564400194ea7b7d3506ec0fb39f36703b0d07822460706aa80744d0dbcb261ba

SHA512
dea93224fde3223fc4684b39184ccec3a9e37cbb3226c146a1a4cd86363da8e07207c3c88af3c6c2d3aa414aef11bc5b36c8ebab207a793081b249443eb4bbac

Download Submit