26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe
Size

11.0MB
MD5

89fef2fe32dbea95a13ff78e463c643b
SHA1

2ffbcac9459e8c893e1e386b5a2d8b7e8a1ade60
SHA256

26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9
SHA512

6f3d786d0a0520ad8e01b7354e36d67f58a15911409928ae5a1a2fe32099fe0e58a2b23122d1dc334611766b9a59e87cb39fca1ec4bf5a14250d07561ff5d8f3
SSDEEP

196608:5lAWWOUJYS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:56WtUJYRrDjtLKkOa8ps6puAktIz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
1992	26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe
1992	26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1992	26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe

C:\Users\Admin\AppData\Local\Temp\26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe
"C:\Users\Admin\AppData\Local\Temp\26670c7c7ed9b33708a04bfbbe307b7e91696763fa7fc39f28d04e8a8b9d8cb9.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
ecf6a119be66bc42e602bd28c59bb452

SHA1
e9ad53830857703a767f4c58e5773ef9863c8156

SHA256
d74fe3f27752829f749095884270497a3719b7b97d8545fa52495cd8ee55be55

SHA512
8bc772d7bc331d50eb7ef99df98be710f76d4601ac7c2f3f47ff2f46798c789e41aaf0db34f95cb30029f9d9fa39eb26becd1c54fb48663c030ca4f153d6f87a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
92f0f24ab5c4b2ee7a52cadeb18272cf

SHA1
4937ace5a3ed623eb8d1f18f3cb90bc1f0c74f58

SHA256
29428c7de0ee0bc57eee4173bfa09ddaa76c8362494cdffbec4e66c620965728

SHA512
b56db077425d2ede948729eb2f102a8b1a0ae6910786dd63207d02096ac3ba45e8940e4f2518c300269aa761772279f3c48efb27d7321af49429db800f1ce1de

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
b17e84f80b2342c5f51ad7ab84a14302

SHA1
ba45707f4a96ed7e54454313239610f0117e6350

SHA256
09b69189c26bd6188832e32469391dfd44fb97361dc8ad24bbc9f9a2f5758861

SHA512
29f0407efcf09842849b3e683fe368a79f09887996daf317bae4dea1eca897a2b3bcc3b24f02ccdca1e34793adf2c643b78ae40d1e6e50de54e4da015e69d5e1

Download Submit