f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe
Size

11.3MB
MD5

522df9b19110f16263a5bf219eeab1d1
SHA1

28805feefebd179c74b4ee471021bcf68a75e25c
SHA256

f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9
SHA512

1ff15a187d723eca661306c45ef3798ac33427dc5e5b242af54f58ff7d2e4c986159027541488dd2648f2ba9ca4a7af33d9f294e6d82b6790e9fec1efa2e9447
SSDEEP

196608:RXFGPpySVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:RXVuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2096	f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe
2096	f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2096	f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe

C:\Users\Admin\AppData\Local\Temp\f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe
"C:\Users\Admin\AppData\Local\Temp\f80db5ddf3b01701f1d1ca695c3302eb1d6be33b716efa790425f6ca480c62b9.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
45fc885a68685abea3d4f48fbea8a09e

SHA1
bfe35606ca84ce5aed01c0b2ed49d791d5c7f542

SHA256
a2d54c35eeb0f8b9f2424174af2b9cba67f9d566209c78efe3ff4269ef501dc5

SHA512
598235b28b852bd9c662f2ca4e780170665576b4fddb87bb6978ef43097221b64323e430067fc0ed7b049e8de1805527f83e1e6851522a8d911971757ede9ee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
12b763d58d68aec7a669eb2e2c4b61bd

SHA1
ff4cd056e8278a01238b49ed82b359471ad41b88

SHA256
920e6616bc68869e8587e6d446d07fc241e1178da4a09b5bbe327c9a1b473294

SHA512
071ee9a4ed19dfd143683785c894f356ef7b43f5f44e006dba02683799b365013bfb977081aeaa570d063ffd46c27b329e3c77c12338f10beba6c33fe2d7bdd0

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
619e861f2d7e38481881fd9bf5d9119d

SHA1
d4a4d13c31b462b1fd10be76c78bd010fb663868

SHA256
0c3e29d9b29478227c316036cfff2ab6cfbf929756631808240c3cce8b944dcb

SHA512
54487e665e0c77286038c74c5224cc09eb45ab73e96520ec2ad6095bb704b8c2de8265b90ad6d964555e6f6104fb7d9e7fdfba97dcd90db385546d18496ba8c1

Download Submit