fe83dc2b2cfe278a1674f98b76dc5170cc10b94ac0b6a3ec13d4e3fb2de19d98

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 09:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fe83dc2b2cfe278a1674f98b76dc5170cc10b94ac0b6a3ec13d4e3fb2de19d98.exe
Size

10.3MB
MD5

826b65ca8150e0c8adabd03c48464dc9
SHA1

06e1412ea5e8305131290f50ef61286005fcbdcb
SHA256

fe83dc2b2cfe278a1674f98b76dc5170cc10b94ac0b6a3ec13d4e3fb2de19d98
SHA512

437e8df209e091883ec610df2b296abe391b5ff2cf882be4f3a5f66e913e7df1438eb3a3ed5cf1ce3dd5de67a78034ca5e6334af90983dbafbec5d3536b55f1a
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2508	fe83dc2b2cfe278a1674f98b76dc5170cc10b94ac0b6a3ec13d4e3fb2de19d98.exe
2508	fe83dc2b2cfe278a1674f98b76dc5170cc10b94ac0b6a3ec13d4e3fb2de19d98.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fe83dc2b2cfe278a1674f98b76dc5170cc10b94ac0b6a3ec13d4e3fb2de19d98.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2508	fe83dc2b2cfe278a1674f98b76dc5170cc10b94ac0b6a3ec13d4e3fb2de19d98.exe

C:\Users\Admin\AppData\Local\Temp\fe83dc2b2cfe278a1674f98b76dc5170cc10b94ac0b6a3ec13d4e3fb2de19d98.exe
"C:\Users\Admin\AppData\Local\Temp\fe83dc2b2cfe278a1674f98b76dc5170cc10b94ac0b6a3ec13d4e3fb2de19d98.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
404608629cafadcaa45bedf8a488f482

SHA1
68cb57ee4cfe2948709190c2125c982a07040c40

SHA256
3b6e95e69fa3b4eeb7b3f290de8d6d8e0cc5fa49e426a32a2f7992e055a8a31f

SHA512
a895843bec64dd6a43bfb36e1fdc814dbf80c69aeeff0e073dc80b88be6029834bba5f61f5565627908132f0269bef0a3c8c662c2d104162aa01083c51e4bd01

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
978ac1204116955c3911ecbb5f632ee7

SHA1
46ec118b3df9bb15a2d95a630fec65cbdf090ce5

SHA256
eb7e8efe363a85a64a447c3cb43e3499a9a9d5ef0fe63aeec1f5a7ee504204da

SHA512
513aa3a37805bad25bdab06b6585cc77642eaa7d4226812fbdb5da5a1c48a8182c79b7b12c474bd04875f2bbefb317023c5b37c5cd3a294ebf89df1f562df556

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
b972099ce0a40d7653de9f2b0cd4d74f

SHA1
8370427013360e9086ff93a40eee478a29db1618

SHA256
7ab88d122db190b1263df0fe4805e6c42e3e88c9e5725a81e5adb02669764f24

SHA512
612ce4e1b641464d6fa575dcf7918e55976151eabae77991d0368e8cd001b439752adde343909fdb5cce57be4efbbc35857b0cd54d1aae55481b48cbbf35d52f

Download Submit