39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3

Analysis

max time kernel
141s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 19:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe
Size

10.3MB
MD5

18202dfb8ee4bd515268a34c040bfd50
SHA1

6fc24510c610109daf7872d147e0fb7f41eba446
SHA256

39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3
SHA512

e42031dd2530831d7d4e23bb904cd47cf34766a1693bd85bd3a57309adb790e344469dc5b4893039b6abbe4ee2da3a6323a99119ade4c172fe2320cfdef3b47a
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
1032	39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe
1032	39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1032	39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe

C:\Users\Admin\AppData\Local\Temp\39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe
"C:\Users\Admin\AppData\Local\Temp\39b2de7164b1cab0704ffbf5ef8597d2c092a5aeca09b7242e43973055418bc3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
5f7d23320f0db3a3efe9ace7682fd0eb

SHA1
b8d662eb1eba9dcc0cb75b34162dd965bc401079

SHA256
234859ea59279a3fde4462b8696e07299da29c535fbe9ff6d5bf0d742e67ed26

SHA512
406e76c84c4798235cd7fa49139c327df002b0e2984c9bb8f1a0a50fb9299fb6d7dba451b6b3df179c91697e17358515f9fb3bccb5f5ade589db19d928096409

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
499ce2aac68f072c250324f597bbd87d

SHA1
fff3089a26e26df526c13dc3e368846caf824ab8

SHA256
0422f75c6ea3ddb60bdf207745a40cbced3504baed9d42a3cbf9781bfebee6a8

SHA512
ac2fe8515853a87ce07e7b6373e90ad6ba5340dce8c7034f7d46a522a281cd816ba661528cd0ac95333705b71a365e19f5c42adb0524cfb708dc0bf9154af9a4

Download Submit