185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-10-2024 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe
Size

10.3MB
MD5

9f5fa9b1d6e086199cbcb013a47f86c7
SHA1

3b7760f200fbadbdc3f2826eb86dae371eded33d
SHA256

185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45
SHA512

00644e6fba2f9636571ca18faa32bc11b1d30ce84a835f71834a04db2752d1d105055257f2e18d2846d33f87a1b9974c9048c7eb9e4a5ea24be7f3f6e5ba1085
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2068	185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe
2068	185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2068	185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe

C:\Users\Admin\AppData\Local\Temp\185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe
"C:\Users\Admin\AppData\Local\Temp\185f575d68d29ae0102b56b9dbaab547089c8d2a699e9c2bbdcd3fb260c84b45.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
84a76e860c1d0d6329717dc3ebfd1eb0

SHA1
9cc4e5a8a752e615d1611960504ca7093d414743

SHA256
4dea860bf79eef7cb5bcdb69b4f69c8fad5e6786c435921cffbdcbb788282ac8

SHA512
e90d7dcbb651c0588ab410b88eacdf53d9df0c9f3f1cff2afd9dcd80bf8b3ce0d396e5ae30cdc5487cb50aeef57b5498858f65476365e855cc6fff30ab1bb25f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
457c8e3976631edb0eaef2a25f302808

SHA1
2787abab20a362d69bd1d581a05c639f94ade661

SHA256
c2b305d4b0e83be6ff6dca4b6091bbf28df22ff2c0987afa7e6ef5474f234703

SHA512
01d51bed74ca2db454c77b3d68c5d51447e01116d664e172ee7b8a4e36b49caace2fda88891dd5844d0d2826e2b1f28c9dc25b47c171c55b4d54888bb9ce61ba

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
c73e014153b6cbea55ebe9e8b4c733e6

SHA1
8f89067961e52b32dcf149699d94b3c75eb5b404

SHA256
456af2d125e8628ab31c0cde07fe9ce71a254dfe37a5002f04412790be6225be

SHA512
7d01ab371c9688ef1a72abdffbb05411b27f14663ec1f2541b9d52601951222a435cb16bcdbca411ec1d91dd357a21f84b1303fb3eddca640e59cfc3ab16e85f

Download Submit