1eaca924e6cb07eaf343851367ea0acac897b313cb861bc6199b3f8024cb3738

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 19:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1eaca924e6cb07eaf343851367ea0acac897b313cb861bc6199b3f8024cb3738.exe
Size

11.0MB
MD5

9c29fd1bab74ebf888b67e723e3a4fa1
SHA1

a1339b40091c6078f22a8d10eef763530f50c568
SHA256

1eaca924e6cb07eaf343851367ea0acac897b313cb861bc6199b3f8024cb3738
SHA512

a4c21c84a049026cd42a7a964928f1a965758198a4f5769a6d2e096dd791922a8856a7d30a4617c3e217522c52b5b389dfd2195cdff58268a65f70f2e543f089
SSDEEP

196608:J1WWWNNAsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:J1WdAsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2356	1eaca924e6cb07eaf343851367ea0acac897b313cb861bc6199b3f8024cb3738.exe
2356	1eaca924e6cb07eaf343851367ea0acac897b313cb861bc6199b3f8024cb3738.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1eaca924e6cb07eaf343851367ea0acac897b313cb861bc6199b3f8024cb3738.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2356	1eaca924e6cb07eaf343851367ea0acac897b313cb861bc6199b3f8024cb3738.exe

C:\Users\Admin\AppData\Local\Temp\1eaca924e6cb07eaf343851367ea0acac897b313cb861bc6199b3f8024cb3738.exe
"C:\Users\Admin\AppData\Local\Temp\1eaca924e6cb07eaf343851367ea0acac897b313cb861bc6199b3f8024cb3738.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
afaefa3cfd6b6e42a3dd68a80415de2e

SHA1
3f8e3e557e128c2dcbbb24a8a0d1dbe915724b84

SHA256
77865c8311dfed826c0f3db224926101170114d91cc702f199bf65e53df1ce60

SHA512
893145c968769bfd5542748623dae8f6fd12020569058a9c6f9070a84c705c258129418377a608e0a4b7d45b2b3032f23a46f901222877a36ba512a13d069aaa

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
ffbdd56203726eedad5312565cee123a

SHA1
5ca36fc5785468ab9c5c342b9e70ada3fddfca3f

SHA256
4c83495f153685dbc4835a551485f5669a9bf37c1035257b64db0f33c4e6d38b

SHA512
2c9ca4202763e019090dc646b9e91e921182bb04d9a7d93398b542f5b5d4f1be3d92bae08b2e349732702bf0b4e5fd66245703002f535f8de361d9595798af2b

Download Submit