02e87ce41784ec0d2f56cadb63258d590343a59bbbcab7ac4fa881ec9313645e

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 18:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

02e87ce41784ec0d2f56cadb63258d590343a59bbbcab7ac4fa881ec9313645e.exe
Size

11.3MB
MD5

639c544d93c1c5b8f4820b80645b7632
SHA1

fb2080b18438c6ba91555393569d847da8f8fe28
SHA256

02e87ce41784ec0d2f56cadb63258d590343a59bbbcab7ac4fa881ec9313645e
SHA512

1a020aa83095e5ef0309b56389de856d5b9bad9440f2d6c9da55bbb8f06c72c9e950014a8cbe021cf0bd878a0cc02f1adaa7ab07ddef4cb0a164706d7a646dda
SSDEEP

196608:RXFGPpySVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:RXVuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2552	02e87ce41784ec0d2f56cadb63258d590343a59bbbcab7ac4fa881ec9313645e.exe
2552	02e87ce41784ec0d2f56cadb63258d590343a59bbbcab7ac4fa881ec9313645e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	02e87ce41784ec0d2f56cadb63258d590343a59bbbcab7ac4fa881ec9313645e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2552	02e87ce41784ec0d2f56cadb63258d590343a59bbbcab7ac4fa881ec9313645e.exe

C:\Users\Admin\AppData\Local\Temp\02e87ce41784ec0d2f56cadb63258d590343a59bbbcab7ac4fa881ec9313645e.exe
"C:\Users\Admin\AppData\Local\Temp\02e87ce41784ec0d2f56cadb63258d590343a59bbbcab7ac4fa881ec9313645e.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
d2e8d1efe2f3c92167c48147c87c0530

SHA1
33fb4cbc18ca0919aa9ca856b050d247daebf714

SHA256
b247887fefa60f24844461cc4bbf3b2ba7c8469df1a30224ce0e249938be4717

SHA512
9bdad2c85db0562821c55b92ef05cbfd9d23ee584a6fc72fcc3aea507993fe4667827b97cc2c073c9512141a3a0f05401ab1b6750301842c31be7d1b30361f86

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
b94831aa33c26f5b2cdb600cfcafeaee

SHA1
f20164560b7b6b7fbeb94b509187ca45f1c5511a

SHA256
69411a8eabfb71f59cb7ce17af7b251325276a2c0f6504505612077ee47c3589

SHA512
ecbadec05839d9b212dfcaf6ac4e0ee8aac5b95549eb8f6d4e11dbac5537cf75f00857655f3dac727ff168baf8d74884e8398fb660f201e5d299c243ad51ba20

Download Submit