b8455374ea993704dafd4d129dc97272921b2acb4fff1f0c272c6f97a73cc2fb

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8455374ea993704dafd4d129dc97272921b2acb4fff1f0c272c6f97a73cc2fb.exe
Size

10.3MB
MD5

3b1b38bd42de7e5546c55385d1befa55
SHA1

123650e10ce466667998a85282329a73412fc1e1
SHA256

b8455374ea993704dafd4d129dc97272921b2acb4fff1f0c272c6f97a73cc2fb
SHA512

e8001d09c01fd17d9b220e2ceb966445222f0e4ca31f9e3863728ca60f9b2e90dd3980519758ec1115a4156fe818e146a3fabc58e04d6c596c917aadaa5acdf9
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
3020	b8455374ea993704dafd4d129dc97272921b2acb4fff1f0c272c6f97a73cc2fb.exe
3020	b8455374ea993704dafd4d129dc97272921b2acb4fff1f0c272c6f97a73cc2fb.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b8455374ea993704dafd4d129dc97272921b2acb4fff1f0c272c6f97a73cc2fb.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3020	b8455374ea993704dafd4d129dc97272921b2acb4fff1f0c272c6f97a73cc2fb.exe

C:\Users\Admin\AppData\Local\Temp\b8455374ea993704dafd4d129dc97272921b2acb4fff1f0c272c6f97a73cc2fb.exe
"C:\Users\Admin\AppData\Local\Temp\b8455374ea993704dafd4d129dc97272921b2acb4fff1f0c272c6f97a73cc2fb.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
94c63a40c5baa5a0ca0de974e380ce2f

SHA1
5980f3ef2fa383cc41bba46722ba92731124ab05

SHA256
894bf76a334077727ae4dd96b1424896318f48d444056083232d391d99d3cbaf

SHA512
a11f0c1dc3820e995df09f1ca2958a91fce2e89b7c83bbaa2502cbcef301e67c4b9ccb6793f4bf647e3563a3f45edb4e2bcb5010921787546f7e2b0950760ed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
77027ca41f13c02849d73ee8cddbf71b

SHA1
c2ac2ec833a3cc650d201f811ded7e539392d322

SHA256
71ba56c1132262389f6b475152797a908de46ef628e5beb9471672aa85a9917f

SHA512
c2c1e0f83604fb1db0a7ee5cf30151ab9e60655e22b9ccede677512db76367b21142a16b707fbaead13a7d07401a56ccabb4ce5310ded767c68bd05d189b2501

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
32b11c59dc73226870a95a389413c8c3

SHA1
779117222d153146e655cb767dc0f71754ddf9bd

SHA256
de0bd3a3a9bb03c801543ea233e4f403222f737a40524a1320d19a01d67bde2d

SHA512
74476c1a1d1c57f060aafdd57328071fb2dc9845152b5fab7cef5967d3b01a6c5c86d1e17ea0e40d32cbf3dd922df61216e8f95272f2ef5a7a992f321d2ca185

Download Submit