89e9fcb979903d8346ef038b42d114ff00f48299549c58e930734ae924ea0b0b

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89e9fcb979903d8346ef038b42d114ff00f48299549c58e930734ae924ea0b0b.exe
Size

11.0MB
MD5

6e0d401598e334ee3f618630937c9214
SHA1

85cab6a1e49fea86e35ed319c1ba7a7f359bcbd2
SHA256

89e9fcb979903d8346ef038b42d114ff00f48299549c58e930734ae924ea0b0b
SHA512

d1483d51a1b71761f5c3faf1bb29b7d22b293de3cc3935bb71c4af67da3e2a1bfb1a5dc722c8e81f69d398555b1a16930f2ceeb443f46969da5bf24fe2b3f9b5
SSDEEP

196608:J1WWWNNAsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:J1WdAsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2084	89e9fcb979903d8346ef038b42d114ff00f48299549c58e930734ae924ea0b0b.exe
2084	89e9fcb979903d8346ef038b42d114ff00f48299549c58e930734ae924ea0b0b.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	89e9fcb979903d8346ef038b42d114ff00f48299549c58e930734ae924ea0b0b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2084	89e9fcb979903d8346ef038b42d114ff00f48299549c58e930734ae924ea0b0b.exe

C:\Users\Admin\AppData\Local\Temp\89e9fcb979903d8346ef038b42d114ff00f48299549c58e930734ae924ea0b0b.exe
"C:\Users\Admin\AppData\Local\Temp\89e9fcb979903d8346ef038b42d114ff00f48299549c58e930734ae924ea0b0b.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab80F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
456e34c47eb0fd9265f9fc66b3d11394

SHA1
6a05d8f1b32bfca8d746d2f79b925d24e65552e3

SHA256
5aadc6cdf8b7fbb82f047e7439a8ac9e2e5f61b85686ccd777ecd1c758e1d89e

SHA512
709a3906743ecad9007237e52dada4b2a954236531f61c04c53b72635f0fd888dc8f8b2d9ba49dcab2ea46ca6072d2878e731be712f8299aae98bf43bcccd070

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
b5e3554e1cafc93ac2a0c60c15bff78a

SHA1
1994db276c4ceae750bd6d845dc9853a5fe3b486

SHA256
9eedf999768bf39ab60241e59f0f50af06bf4ef203d30ce2f60acf14fb21906c

SHA512
0551dd0e26cb960632583c6434edc382e42abfc920cbb750e043700ef37493b4d0309827058000f11e7b960fd902004b577cf000c4284ed22ac4dc8c02239503

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
bf2ffc0ec18f6ace58e8ca83532ef4e6

SHA1
62619349797dc82970831bf51f5f899660065835

SHA256
4553024a93c5d6b09d002893df0093a2903b7891c62f84d4463586cbcc47ab6e

SHA512
d0ce83e6dad00f055e0b442dd45ae791466efbc092a10eda99f64f605d881659a7f6d40bd71d73b442345eed4c56e6fafb323e17466683b33c1a25c790d177d9

Download Submit