Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/10/2024, 19:05

General

  • Target

    8fdecb291591c389f44647ddb7184ff868f9d528c3e293fecafbc2cc8c710dd0.exe

  • Size

    11.3MB

  • MD5

    0a0635b977655189f0166bb67f321c65

  • SHA1

    8cb873ea76e5ab17d1f4b726180e994886e3179c

  • SHA256

    8fdecb291591c389f44647ddb7184ff868f9d528c3e293fecafbc2cc8c710dd0

  • SHA512

    e3e1ec9c1d3d28ca8fbd5e8d21fda34fa2af494c60941bdfdae31f53f35caf18c5fe2686e251af96a5dd92047f83fdddcdaec4cb6acf0db72e635e56a73a787a

  • SSDEEP

    196608:RXFGPpySVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:RXVuf+6poDjBTRxa8psYSUa+arvSP0z

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fdecb291591c389f44647ddb7184ff868f9d528c3e293fecafbc2cc8c710dd0.exe
    "C:\Users\Admin\AppData\Local\Temp\8fdecb291591c389f44647ddb7184ff868f9d528c3e293fecafbc2cc8c710dd0.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:3752

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\lite_installer.log

          Filesize

          4KB

          MD5

          c7c81b7c8c0c8f0349d18387dfdd71f6

          SHA1

          85874ab87aca9e7d1f1a76e416fbb374e5db5d6e

          SHA256

          dfb646cb3e1b0ef8b6e71f065a0c0086464cb763101cd9a5b9c7637505046bee

          SHA512

          5969c2c747d578168848ff7ea5c5592e75417215b0fcb7191a1db6a3e7eed7b1c41cce58d394a0c55930c18ca387826f3339a90c4704ec0792489f6db78e08b0

        • C:\Users\Admin\AppData\Roaming\Yandex\ui

          Filesize

          38B

          MD5

          26acc5608fc8f4431015048a52a8cd52

          SHA1

          42c27254a240982248bfd3d7e507769ab8a4a9b6

          SHA256

          ad328625a408e71b8f87743ae49e677131981720c5f89d7e48dd524a480c1114

          SHA512

          96b644660b0c9404631dc8d7acd5c72788c7d0948e29ade9aa96ed81f3e2ff6f42aaed6d10ff4e4cb2654396433a9bfcec1d5cb8f8a2181fa964bdba5265d023