3ef76d18ba4934c5275bfefc2837ff75b3be02a0d7163eca71be89b5234415b3

Analysis

max time kernel
143s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ef76d18ba4934c5275bfefc2837ff75b3be02a0d7163eca71be89b5234415b3.exe
Size

11.0MB
MD5

be4aef030f26c840d207e29ed8c1c9db
SHA1

e7501a61d25dcba2c9a82b985be54330fd068a19
SHA256

3ef76d18ba4934c5275bfefc2837ff75b3be02a0d7163eca71be89b5234415b3
SHA512

630ea7f110db7601db06b242eb24ca4238362f45c4f26de16812f3a2050052b575691f4dc53254a24c486d9b6c367195f78367739721384e86c11e9f7d8c9875
SSDEEP

196608:J1WWWNNAsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:J1WdAsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2384	3ef76d18ba4934c5275bfefc2837ff75b3be02a0d7163eca71be89b5234415b3.exe
2384	3ef76d18ba4934c5275bfefc2837ff75b3be02a0d7163eca71be89b5234415b3.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3ef76d18ba4934c5275bfefc2837ff75b3be02a0d7163eca71be89b5234415b3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2384	3ef76d18ba4934c5275bfefc2837ff75b3be02a0d7163eca71be89b5234415b3.exe

C:\Users\Admin\AppData\Local\Temp\3ef76d18ba4934c5275bfefc2837ff75b3be02a0d7163eca71be89b5234415b3.exe
"C:\Users\Admin\AppData\Local\Temp\3ef76d18ba4934c5275bfefc2837ff75b3be02a0d7163eca71be89b5234415b3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
43028d01b6b747c8034429eaf4b37ed3

SHA1
956adca75b7630ca192cd9e9fd69d895682162ae

SHA256
8a10529d2ee0abd9dfdf1d1642ac14eb9a8efb1322807d8b397a3c0e0eff80d0

SHA512
5316dbc37114ad0d62f40220e3d9a8bd2c836741fd0ff6f9adf0a4579cac64b312f243f53e3a848f971028f77eeb6fc740ffd4711763dabfd083cd105650b178

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
b637353fe5e1d339193b70282092411d

SHA1
2a2b123649f00fb5f181785785fd2a2c4c7c86c9

SHA256
4cb9cd6b3e7900ceef563f0f0b94b6c6cf8e19f5fa1359fa99723dcaac70ff4d

SHA512
27b02f5845341456778772429dd8b90ade6eead23f6b2531b87ade40a119d712853352943bd19fe0420439f55717b4679baa75cb4e581b1dbbbae2195ed84aec

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
7c50af980611f042ae9f1a3fbf38437c

SHA1
623710d01af3fd198f1059e9cc7799cb7736f6f7

SHA256
5038591244883f617db2b4b9064a4c431f059ab0e9e439f69ac4d4aab0741f80

SHA512
4d0c8c86e5dc9aa2d38fd5a78e2aa9a7c6989db02ba82609c1c919f3d45fa0e9962dc41da19e13fcc0d49447bba757449dab99b0aee6dd69d54a3867b8b04a5f

Download Submit