5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe
Size

11.0MB
MD5

91705b782187c2f8214c2f035d19da07
SHA1

221fec744db1dc0543990008a5e3c90a233bbe64
SHA256

5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe
SHA512

fc3478710d4ec7197da1afcb63102f3d1533cf45a0ca7576a34c3759dc63490812dfb1bebe873992420670979ad0a4585cd9d79d1d08b7c62cffb19a3bb8c33a
SSDEEP

196608:5lAWWOUJYS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:56WtUJYRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
1692	5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe
1692	5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1692	5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe

C:\Users\Admin\AppData\Local\Temp\5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe
"C:\Users\Admin\AppData\Local\Temp\5bd9b2fa2410d7946d3e69d5ef2411f4607790a8545e1ce5f1d861fcdcb350fe.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
cbdef6eb09f7854b1532325114775fcc

SHA1
aabd2ea5c36615c3f1e0cc5020c4f64a1830c272

SHA256
57e14e5baf2ab4fa8ed9420989e8ed192b47aa35e1954a690a7574b03478c7b8

SHA512
2b85629921b29de03dcb656b289c01d4fa0d73d95e4da8f456bf49570d5108d060d755282608d922bff329a96c7b28828821e0f1ac6bc427400dce1fea50c504

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
4ac0270fa1dcc6d7d41f0f0aefecb5ba

SHA1
228e0f1a72a955111ad06c7ff7235a55d344b1d5

SHA256
d9d6810aebc22cd919ec7e0f167fea4ab27badf5b7fab5772f4de04f0aea4d61

SHA512
cf606e3d8dea4273bab2304d06ea5056253c62a1ef57bc74687e64440a612fa535146b39b29debd679b40617a7d00bf306afd4c42002e4ef3bcf022511279b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
930630b6717491dba01b21ba8c381dd9

SHA1
ebd7cd0f9e0f395223c6f290f21bf8ea9f79cb8d

SHA256
6683719f3d1f9b750e746421e1d64d4a3eb505510e33211fc7d3ea7910466256

SHA512
6340e2a19f1cf55df0aa72d5a3436a9504c761c48df2aa08a2d4de918423ada83530220bbdba853a73fca8a0f540715272c4c210f0d6d6b8a487276951ecb476

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
901b3c4e1c555f3968c0fff824096b0a

SHA1
77f6d4eb05835a3f087a1af3f93dafd246f9e6d5

SHA256
8c96816468ecbaad4a9c7ddf797ac47e4adc780949d66ca1bbdf936d564ec063

SHA512
5f929faced4e912797bec95dd9b179d2936c9a64b19a0e80c54570581c7ac780de26c4fd2a3a788ac1cefce244eb6784c7c2e1193d7f5d133dfef45f54dabbfd

Download Submit