5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe
Size

10.0MB
MD5

5ceaf3e253aa3de13933de0e15f82e7d
SHA1

aca6ec62477b0bf77905d2a45978853ba731f051
SHA256

5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c
SHA512

74fe7307bf6fcfa339565699bcb5c5a5e5fc95b39749a510f92f2e5b621ddfd5b3d6c1a7ac0187af3f55e379b5df77ff1fd99f2818728d7509a3f7c255be499b
SSDEEP

196608:n4NS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:nmRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
3044	5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe
3044	5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3044	5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe

C:\Users\Admin\AppData\Local\Temp\5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe
"C:\Users\Admin\AppData\Local\Temp\5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CabE775.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
7bcff2e8edc167cf3aa103a4d40321d4

SHA1
292cb5017a33fbe74a8af16c07ba3e782db735e4

SHA256
58f2f5f9c678c0ca74c06b557eafa983791c1f2f60121b46a139bc03750cc362

SHA512
e8fcfff1eb0859ca836a6ea8f19084e2b437750bd0a2c8ecd846e52a722f0305a76a98a7ae3e4838ae15e28147f952344d0f4e510faaaf82dbdd2daadc632be1

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
5539f33dfd3eab2782e7d90d6055e547

SHA1
65fbd2836bc20a0e21a4a797ab296aee54fcd60a

SHA256
8f26a7e1eee2189fc9c67cef083229c7eae9f20870bf3363b792bbfb706df6ec

SHA512
85c84d99ee53bbaee8eb451d96ae34040627dcee4d9f601374fa2721c43daedff9c37c0c661708d358d15798f100b97e6f49edc191153ece19ac6a6f0550ebe4

Download Submit