4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe
Size

10.3MB
MD5

a8d44fc771b4fd046370ad351b0b1c90
SHA1

9350a25537f747a361ded35cf87805f87b9e780d
SHA256

4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e
SHA512

dfa5c78adf4f00022109981d126eb14c4be5f175b2e530b8492c88dc7ed66ddf58c78402c536fd5a7f2476daaf8e11c32550e94ed4d4ece53cd70a1e1daa1358
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2108	4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe
2108	4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2108	4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe

C:\Users\Admin\AppData\Local\Temp\4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe
"C:\Users\Admin\AppData\Local\Temp\4d20fa7c661da2518e7d0c189f30f14249b8a1766ff0e0d6e063b0ab29257d9e.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
07fd5600d298d006cf46acbb6ab6e11b

SHA1
8f5575f23bed39300b26ef1271e522982f9dec5c

SHA256
6c51ceb87d36fcbffdc5809b2165134f920ce5149804a053019351ae78b42782

SHA512
20f85d744a9a84e31cc8f675796991882cf6d5308439093e1777c150b7d9628d55a66e4a309c4765f10a6c24463ee84af7c0bbc6ea45f11cf02e5bdd240c4432

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
fca67df696272548b63a08c49ab53a1d

SHA1
d1aa9dedf8ac6bd7c2b6d2e9d3782a3d847ed410

SHA256
74f4eeda4f66b3f3074d2998c969e8c2b49e3fb2e7f5840cf8833908fcb99b71

SHA512
94760853a9a082cbc38f889323458d158ae2e13cc1976c12a6c8a2a2de20da554cc49d72413c9cb149936b0d95235a62a0e419dfb97f93b67321272d868ab3ba

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
500e65df2d0737ee72d54b3cbf3c6135

SHA1
8f52a127cc6ee6e383802bda9b7eadd16d427cfd

SHA256
97f3620225c90e1a0a2f9b8bf946340fb785f025c50466b1aa5ce954fae2f069

SHA512
8af012974bbfa87cb2fa0b5da0895ecf0d942ec20d1a59bb824da5b417948714231273adc0cfba29380f85c383cedcd7f80ce53205ff602d03599d6588f98aa1

Download Submit