20ebd2b4b42b8e7996302245f2510a387baca3ccf117ab9da16878d25a2fc860

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 17:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

20ebd2b4b42b8e7996302245f2510a387baca3ccf117ab9da16878d25a2fc860.exe
Size

11.0MB
MD5

78d9438ecef5f9d0068d874fe4d6e9a6
SHA1

b0150e85da7cc6dcf225c96a0a1791494d108be2
SHA256

20ebd2b4b42b8e7996302245f2510a387baca3ccf117ab9da16878d25a2fc860
SHA512

a337717e2ae4a0d8881369440646bb1714785ded712d9e2d054aec45920338c380474988aef47441e297524647efb8f9db70d4ba646e0077980efefaf23d4154
SSDEEP

196608:5lAWWOUJYS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:56WtUJYRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2536	20ebd2b4b42b8e7996302245f2510a387baca3ccf117ab9da16878d25a2fc860.exe
2536	20ebd2b4b42b8e7996302245f2510a387baca3ccf117ab9da16878d25a2fc860.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	20ebd2b4b42b8e7996302245f2510a387baca3ccf117ab9da16878d25a2fc860.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2536	20ebd2b4b42b8e7996302245f2510a387baca3ccf117ab9da16878d25a2fc860.exe

C:\Users\Admin\AppData\Local\Temp\20ebd2b4b42b8e7996302245f2510a387baca3ccf117ab9da16878d25a2fc860.exe
"C:\Users\Admin\AppData\Local\Temp\20ebd2b4b42b8e7996302245f2510a387baca3ccf117ab9da16878d25a2fc860.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
8KB

MD5
3334e94d487c4ae81a39f7153f01f142

SHA1
966c6408c59d13984dd341cb88cb1a8afcca6175

SHA256
d20d9095f7d8b3786a5c8bc6de5e4589b10e8370fc1df23b0c3f5b7e5ce41a68

SHA512
f7cede164fa86c1314ad47d8b17d4c79078302fe13007a0a98fae54a353ae61250e2bfbf96d171ecb8e4182dcc7fc30992d779e656af143de8ef2274fed15865

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
b9c20d36ba6930b3526378ee3ee66482

SHA1
b57783b3a45e90d3eb0181c136f26285a722619f

SHA256
cd2c52c31e56b96b532d8a089c917ee05e38bdacd8eb2d9afa85a2a655729cac

SHA512
15dc1f3bb1a92c75afabbcecb519f5e6aa149e9daa0ca359c5dc90c9a50511d51ca0e275421621bd80d89fa2e85aba51354d3dbb1b191cd5b2f315bc02d4edee

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
4a0ab917b13c895e96adaca54dd40406

SHA1
3c76226e8c36243d0cbbf618cb2568653d3a8b33

SHA256
1a595cbdcfeb04db228a08aba29bcf502338454aa4dd885a748bd064edaf00ee

SHA512
7ed55b7c8b9377bf02ce80f99b5f60222a8455b5eedea2d1e549c6f8b0ad7f7bfb6fb2e633906357a79bcd1faa72aa5b8735f617df959b788eb25df0d91f5b24

Download Submit