931aee3b035d7700193344dee16d11751d00e6d65fe9974ab42413c708c8f1b2

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

931aee3b035d7700193344dee16d11751d00e6d65fe9974ab42413c708c8f1b2.exe
Size

9.9MB
MD5

b46fdce80fc48b3ce353b3ac07698011
SHA1

8653d69f8e3f6c06e58d56e4f91245d01e026183
SHA256

931aee3b035d7700193344dee16d11751d00e6d65fe9974ab42413c708c8f1b2
SHA512

866f37a8ccf68657049ce284bf76db628dde6ef0b7415ca757ba3db1aef5158036248fb3dc4c42a1325169025f78eaca5b1b3e775bbdfda29002ab91cbba042d
SSDEEP

196608:1A7hSSJ7PbDdh0HtQba8z1sjzkAilU4I4:1mh5J7PbDjOQba8psjzyz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2120	931aee3b035d7700193344dee16d11751d00e6d65fe9974ab42413c708c8f1b2.exe
2120	931aee3b035d7700193344dee16d11751d00e6d65fe9974ab42413c708c8f1b2.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	931aee3b035d7700193344dee16d11751d00e6d65fe9974ab42413c708c8f1b2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2120	931aee3b035d7700193344dee16d11751d00e6d65fe9974ab42413c708c8f1b2.exe

C:\Users\Admin\AppData\Local\Temp\931aee3b035d7700193344dee16d11751d00e6d65fe9974ab42413c708c8f1b2.exe
"C:\Users\Admin\AppData\Local\Temp\931aee3b035d7700193344dee16d11751d00e6d65fe9974ab42413c708c8f1b2.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
caab769b083ed01e053d3c8b5015f38e

SHA1
cb3b7d6cfa4f88ece389a57e3b9086cc99f9b331

SHA256
25c68bfdb00def20eb28cedd3f07be8b7db7cfe0db72fa5f743f49929ebbae9e

SHA512
319e79a9f73914805012b02d4b364a7ffa04e94923807d1b13bbe2ead48b3f3b7de2af88497a833b3d038c2e0c71a6fa8ef8a83bd373d790b623730b539175b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
d73316cd3d173a25a2fb8e0d0eeb08f8

SHA1
57fc59f4d582a29d1f126f3b3b0379db21069c10

SHA256
da438b07f59f003363709de16bfe73abfb3d2d78133bde7d2ceee1867c7752bb

SHA512
dddeb2279a11df2e097a4b95be5ce1db3236bf92ef5a23e74a3868b7746f875581b0a759b06901d358342a99a432b7ef8d4a87e7ba283b573a49b297231e7f8d

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
4b8027c1c03ae6a3ff790a0c7fd48797

SHA1
fa34bf202568394f1476da8d108994b848963de7

SHA256
97d3329255ec8830812c9da0adca5a70cef56522157725d8aed3109d8fe33f12

SHA512
eb6e5e30e0887cee43dcdff23c69277ac2706163791db03efbb1420ded0bbcc6e7562f65475b2c7934443125f3b65f0d3e9f68ba9ee5c8d1386a604f04315e0e

Download Submit