c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe
Size

10.0MB
MD5

77b755b6a44da36b67c9927e871e07be
SHA1

f6c37acf4d86da089146826a671a543786e6ff2d
SHA256

c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954
SHA512

669764f86ea6de6f52859204a2682916c6af7f212199866530f292f0911d490b5eaec501a2f5a6ad30057c085d3dc8aa5589eec4622803d19361c9bf9050cd45
SSDEEP

196608:n4NS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:nmRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2308	c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe
2308	c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2308	c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe

C:\Users\Admin\AppData\Local\Temp\c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe
"C:\Users\Admin\AppData\Local\Temp\c5419aa54a826674d6df9cb79fbcadaba5f951fa6ff24414ecc59894f271b954.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
7551801cab7d9334aabf5308f3aa3450

SHA1
1bbdf948635defb2f0082df36a7f83aa8d2eaeb7

SHA256
8adc68479ab1b8c6d4db4e312c1004ef708d5e6166aef2f0e2234e4fa135967c

SHA512
2d96b63514ae7e7b48d06c67d9ceb0cef2a423376dc9db1449d151a12b1e52367dbac361bdb9667ee7f84cd2ca38080f53165742e949e1636465e068ece195e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
611719f77d8534042b0cb5962ce71207

SHA1
ad848d88ecf51e333c227856f9085e04ef9605de

SHA256
c48db1cae2eb0f1231a37389b74357c1c355ec5fe56902882eefa3cd86999dba

SHA512
6369337f5145120774b3bb2e062373c7623fdcf78e5f6887cddbcd4daa9a8937075a61d6b7bdd14bcdab23bcaea83808b078c597ae458720b10a274203888b9c

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
0b0144e9cc6615bede14f9be13e25364

SHA1
8598e2f6e76b1506f23dd0bfd8ebac60e77e51a0

SHA256
861b25b9eb2f51e59f0103ce0f701f183c2f7bb654fd2f0659e748f22916af06

SHA512
d9bca9e037a5abed2178df7890f690d69b9c2be1d996308cb11089e306da319594578ebcdd084ea9e446dc05020f10038d83d95e7f2e65a426d29e2b3049bd5c

Download Submit