4cb2817a68a120cb9f8ec66d8670505fafb9c8b5225f68cd03210140f3d063e7

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cb2817a68a120cb9f8ec66d8670505fafb9c8b5225f68cd03210140f3d063e7.exe
Size

10.3MB
MD5

4c99202be8c34b4e478257accd22fc5e
SHA1

0c1bcb4da73394585f1af8002a9fbf9bc7dd8a46
SHA256

4cb2817a68a120cb9f8ec66d8670505fafb9c8b5225f68cd03210140f3d063e7
SHA512

82bdd3cb58e771f132889b9a4958209890803f4463fd016e895c1b2971607ddc1c719993270901bf5572e731e8cb4fe62510b5764bda87767031bf7f22bd4fde
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2720	4cb2817a68a120cb9f8ec66d8670505fafb9c8b5225f68cd03210140f3d063e7.exe
2720	4cb2817a68a120cb9f8ec66d8670505fafb9c8b5225f68cd03210140f3d063e7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4cb2817a68a120cb9f8ec66d8670505fafb9c8b5225f68cd03210140f3d063e7.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2720	4cb2817a68a120cb9f8ec66d8670505fafb9c8b5225f68cd03210140f3d063e7.exe

C:\Users\Admin\AppData\Local\Temp\4cb2817a68a120cb9f8ec66d8670505fafb9c8b5225f68cd03210140f3d063e7.exe
"C:\Users\Admin\AppData\Local\Temp\4cb2817a68a120cb9f8ec66d8670505fafb9c8b5225f68cd03210140f3d063e7.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
c02500d571e7eac5a243d268783e167c

SHA1
580893edbd1c085ae7e6201fc2d1ebd34c4bc0c1

SHA256
6df7fe4c330011b80d84a1007a3c2050d932323a13d367ebf5756dbc2ad3096a

SHA512
3ffd81ffd30f8f5a750cb7e22bdc194fb52949f02383488803031888cf4dc5e596b66a1a1f8a740ec50389ea11cc34a1c7319ca04c8f67ef63ec93e59b092678

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
bce1a1c5cb14d75863904f216fcd9ccf

SHA1
df9964e840cf3a8a3d353e8ccd5d979ad2e05f2b

SHA256
716f276d3d779d6e1b80b6fcff8f49eb4d31bc58748caecb93e00eafe822a639

SHA512
a2c974ed19ccaf9a25b8eb7e2bea6f1498c7ec90d3936bb2610d0d5cbec86d25a49c33f44396a2b149383dfc95ec030937557877babd13586dd1d2016aa7ee47

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
d31f01134d1b76b33626ce53301ff4ed

SHA1
8074d752f5a47bec494865315183bbfce1910d05

SHA256
2f24d3d5ce7859b56a4a1afe783747c658f6f6aed084340abc2cf80e92d7be7c

SHA512
cc7652895c2ea38a6374407605bcd3b72328402f37143dd1333d1ccf2ba25f46d1947ffbe3666fe0ebc82c0e4caa1dc6ea6f6e923b906dbb791f7668f9f564be

Download Submit