5f9accd1d2d2ddf14f03f239b048963b525d17023aefb1a7f600507c6a2b9927

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f9accd1d2d2ddf14f03f239b048963b525d17023aefb1a7f600507c6a2b9927.exe
Size

11.3MB
MD5

5a1444da83d50e4e79ae290ad0f30c0a
SHA1

39df780da02ffb259e90a52b093fa03e1b726926
SHA256

5f9accd1d2d2ddf14f03f239b048963b525d17023aefb1a7f600507c6a2b9927
SHA512

db2810636ff0c762f407ed261d6d24f87f0f06b1f10f050066e8303593054dede90ab5db53446ccaf7eb9e1a24f6fd88b4163c0a7fd0294f7d95e7b333176990
SSDEEP

196608:RXFGPpySVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:RXVuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2092	5f9accd1d2d2ddf14f03f239b048963b525d17023aefb1a7f600507c6a2b9927.exe
2092	5f9accd1d2d2ddf14f03f239b048963b525d17023aefb1a7f600507c6a2b9927.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5f9accd1d2d2ddf14f03f239b048963b525d17023aefb1a7f600507c6a2b9927.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2092	5f9accd1d2d2ddf14f03f239b048963b525d17023aefb1a7f600507c6a2b9927.exe

C:\Users\Admin\AppData\Local\Temp\5f9accd1d2d2ddf14f03f239b048963b525d17023aefb1a7f600507c6a2b9927.exe
"C:\Users\Admin\AppData\Local\Temp\5f9accd1d2d2ddf14f03f239b048963b525d17023aefb1a7f600507c6a2b9927.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
223b319ce022b04895e5d663eed574ad

SHA1
457d5abdae4a3d67c7a6546f4225611bb96eb1d4

SHA256
a6f49b7af0e942848a320656bd3df0812c34da1ef7716c95e020e57dfb0dc3ee

SHA512
acaf2a9254fec5dd232a2c9df7cfedd0a695aa6c1cbe5aa85ddd1c92bf965ee36272337bcdbdb896d140fbdf5c76fc20608f881791842dc1d7f927566bf3ba77

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
9f0150752095d8aa623f9c3eb5fcb2ae

SHA1
178361eb5b751d4666fd8f552265adf56c2d09a2

SHA256
14cdd3f324dc42acfe220dd1583387dab52fdbac4e9e4700d4fae441b4718374

SHA512
f75af2a01809f7eb7b8e830b74ee011a32e6c360c498df19bf1666aca27aefa9fa38b9a42696899aae890766b0ecbd1f96c8279979f4bde56dd74b18ea680294

Download Submit