4e1dad96f3664f055866af07b48ecd98d9351d74da5c28b4983e9d07bd1cdfb1

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06-10-2024 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e1dad96f3664f055866af07b48ecd98d9351d74da5c28b4983e9d07bd1cdfb1.exe
Size

10.5MB
MD5

0844927caf8ab741b07e1d5fc09e99a4
SHA1

12f67019256ea0a983608db8a0423a69e5e38690
SHA256

4e1dad96f3664f055866af07b48ecd98d9351d74da5c28b4983e9d07bd1cdfb1
SHA512

52bf19311cf9313b3fbd75a582ca63030f89f793d004169781b7658f2f1d3b04c198debe9ac638d22ac4de502e7c43a50ba309f793e6c2913d6bf0aa7dfcc4f5
SSDEEP

196608:PEeSSJ7PbDdh0HtQba8z1sjzkAilU4I4:Pd5J7PbDjOQba8psjzyz

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2020	4e1dad96f3664f055866af07b48ecd98d9351d74da5c28b4983e9d07bd1cdfb1.exe
2020	4e1dad96f3664f055866af07b48ecd98d9351d74da5c28b4983e9d07bd1cdfb1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e1dad96f3664f055866af07b48ecd98d9351d74da5c28b4983e9d07bd1cdfb1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2020	4e1dad96f3664f055866af07b48ecd98d9351d74da5c28b4983e9d07bd1cdfb1.exe

C:\Users\Admin\AppData\Local\Temp\4e1dad96f3664f055866af07b48ecd98d9351d74da5c28b4983e9d07bd1cdfb1.exe
"C:\Users\Admin\AppData\Local\Temp\4e1dad96f3664f055866af07b48ecd98d9351d74da5c28b4983e9d07bd1cdfb1.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
f21296441133d079a5c1bb18010a5ccb

SHA1
da04e328a532610e539d43d9026a22392bf1531b

SHA256
c651a090edf8387f72a8bc3b2096b2024642e12d8e34d0f2b3fe8f2b1055997f

SHA512
b402190d3fa1cd7978015547a7c153185dadbe611db644af2c1140e6c25df7f29c0bce249e104f7f8308a7b71ab50f2fe295c17bb687846892e1e74c75924e80

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
4e64c6044c1e9e39fc0cf3dc2ecfd4e7

SHA1
2f80422ccf570d8359e9c11874fb61902d75d4bb

SHA256
b4be0b8a101a8120cda290c4626b3a8ed31266cbc7581ba92e0c03faf7806028

SHA512
5750abd18dfebb1c2708a6dfdf410969314df28d308bd8b2f1556791161d907cff1fc0e1407cd0f6716ad09bdad6201cc1b7aa1ddaa181084b8e0c75416a9c07

Download Submit