669547f78f1dcd17af464c5582aad10567282cd8126509266d03b5cb7ae026fe

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 19:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

669547f78f1dcd17af464c5582aad10567282cd8126509266d03b5cb7ae026fe.exe
Size

10.3MB
MD5

0707930bab7210cd86b9db13be0c9a38
SHA1

5136c735f0f0353b241045adfc9168079a5c94fb
SHA256

669547f78f1dcd17af464c5582aad10567282cd8126509266d03b5cb7ae026fe
SHA512

15c29749788de32c8097f6f1cb6a1eee6e3e0876288fac09f509390bca374e510cdbcd90aaafb49ef3052e31ea882bb321e4ed6ab703a5e545daf1a741229ab3
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2296	669547f78f1dcd17af464c5582aad10567282cd8126509266d03b5cb7ae026fe.exe
2296	669547f78f1dcd17af464c5582aad10567282cd8126509266d03b5cb7ae026fe.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	669547f78f1dcd17af464c5582aad10567282cd8126509266d03b5cb7ae026fe.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2296	669547f78f1dcd17af464c5582aad10567282cd8126509266d03b5cb7ae026fe.exe

C:\Users\Admin\AppData\Local\Temp\669547f78f1dcd17af464c5582aad10567282cd8126509266d03b5cb7ae026fe.exe
"C:\Users\Admin\AppData\Local\Temp\669547f78f1dcd17af464c5582aad10567282cd8126509266d03b5cb7ae026fe.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
d5b0e3edd15d0068227439b8ad4876e6

SHA1
dff8ae41d2bd659879dfd8379ff5a6e9ba2cf682

SHA256
f92be603ffe081fb4ce5f0b3b7f136f47cc0744add3e01f106e2619d4bf20862

SHA512
d82ef93b5f461b09aaeefa6380c45baf26d13487f9d4ea1cbfc3fd1de4d7230747650b34162fb39a64bb8e3d0794b1a24f263c51e1e79a41afe669e659218f7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
6e485ce64dac3486dc3fad730210019f

SHA1
579cf290edfcd840f38bffa34de56b53f79e017a

SHA256
5de40eff86660217d3893d5a192d59c57e6ce9fcd5053e81668060bb83a5bff0

SHA512
4cd52d33cc946a2902164885f71125ff30c05f9d5a4d82c6ab4f2f0654bbfcfc5363aa7642da2acc23cc3d790dbd1387295cc8d7b07d10a04f80ba8e8051e104

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
a77e46d4a31df5bef15cca3b5041d83d

SHA1
029b33e64089c16f1c3578a0e47bf7d29156e547

SHA256
1a81b7608ec07e5ff49adb3b0752787a92e7a8014159c018a5cbfcc7a39be659

SHA512
9348ebb2d9eadec18ebc7c38be49eae05de3d613ccb49891b30692a6e065f500c5864d01b14da163796cbb90c2993c579301ae89d52207d64de782c96dfd7c4a

Download Submit