9ea53cfd98b2ea0072fafa0fa06965cfb4a12f43e2127c375eb960789c325241

Analysis

max time kernel
119s
max time network
141s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ea53cfd98b2ea0072fafa0fa06965cfb4a12f43e2127c375eb960789c325241.exe
Size

11.0MB
MD5

6d5a0801bfa2e30d0a72e2ee63ce42c3
SHA1

6dad170f72740b0c231fa708ebd8ef677589f2cb
SHA256

9ea53cfd98b2ea0072fafa0fa06965cfb4a12f43e2127c375eb960789c325241
SHA512

74576182252cf33f5ff64866296b515e051a01a9d3f512397552f36d4bae8db53c0a0337ad6065c5c69cd677a4b2e5800a8a2558579443b0f6fcf71d4a00e772
SSDEEP

196608:J1WWWNNAsS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:J1WdAsRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2036	9ea53cfd98b2ea0072fafa0fa06965cfb4a12f43e2127c375eb960789c325241.exe
2036	9ea53cfd98b2ea0072fafa0fa06965cfb4a12f43e2127c375eb960789c325241.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9ea53cfd98b2ea0072fafa0fa06965cfb4a12f43e2127c375eb960789c325241.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2036	9ea53cfd98b2ea0072fafa0fa06965cfb4a12f43e2127c375eb960789c325241.exe

C:\Users\Admin\AppData\Local\Temp\9ea53cfd98b2ea0072fafa0fa06965cfb4a12f43e2127c375eb960789c325241.exe
"C:\Users\Admin\AppData\Local\Temp\9ea53cfd98b2ea0072fafa0fa06965cfb4a12f43e2127c375eb960789c325241.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
17ce818937084e1dbfc424579c0dbcf2

SHA1
24e86075b04200504d5bf5c160db0902bf58a281

SHA256
dcc2a1ba64a83292ea4302048efcbd0ea83d81a3c7e5b7a2f10170ae72ce7301

SHA512
e99d6e6a45a68fcdbe9a891112c9fa6b25ea7fb1a67275bd09a540e3b549f8c2e6a60ad587191748e3af267ebcf604cb3776083fb17ab83203ea5f9fdd346045

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
17f51a91628945b8e453c91c8e7a233c

SHA1
e3ffd86b8ddb4085585cc4442520528f5eebd40f

SHA256
557693eefe760e05348edfce3ad9defb520a0990ee6fd69b00860935d3b5586e

SHA512
746e2421007d8a1a1f499085307bd3c14d0bdec9bbae742049b7212ee80eb978b555c3b2203225f9a3fb3eb2da31ec3640fc2efcbb728e1218b24a52cca57cde

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
be1eca2b9e3ea0dceb6c104e862f4096

SHA1
74dbfb96c325106412c24e49314636b50cd497a5

SHA256
140bacd73a2dde8370b2d7108b761b8b54371cbd753c8bbabff8177f01dda5c8

SHA512
a732e91c722adbc46a57eb4753c0bbd813e7fbc27ef3808e9ff57559c7d8ff9948a4720d297755bbc5b554814c44297100a6513072cbc862d07d6fd7815228ae

Download Submit