0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
Size

10.3MB
MD5

a9eca8f320a5b18b756e051cb1ca9cf9
SHA1

f39d98f346704f77251ff9aaad582cd8a5bca2b0
SHA256

0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813
SHA512

355725aff358fbedfcfa32218c1931632e5b6b3c7098e94b15c46f6744f2537b0d1aa9e1052242b0332ff2b456703ff64e2e67aa0ea38e927269692c96b888bc
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
1792	0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
1792	0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1792	0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe

C:\Users\Admin\AppData\Local\Temp\0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
"C:\Users\Admin\AppData\Local\Temp\0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
75149956753639a4a3c89a9f83663a3d

SHA1
1ca8848dab221dbbe6a539baabc04ad15d00e6ae

SHA256
0cbcfecd9bcf4b71501499423057c1cbfd087739f0438a0e42cbc62d9e53d81d

SHA512
02816f2ee1c04253364effaeefb48190b8d20aca2ad5665454993839b23466acdc84655552d327a9a1391bd0f83d4c2ee7399209feb2dabf8351f73deda59272

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
23fc71bbc178e67020d06828d3c55de5

SHA1
39469be8205419fba7e666ca0e397735cafd7692

SHA256
6f86235705b28ce2f38b2cc45f4b9d227493528b6824b07e266bc48325a98d5f

SHA512
e1ad3dbe8ea3a681c1950757f68dd7732b9506828ae695dfb80c0942aab2806add2e6e8564720470e3e1bbee3777d928d31c53e8b8b6b294bd8a37173f284873

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
7268ff330cd8f8aa8f48286d002c725c

SHA1
03fedff8068793b48dbfb237f5c648433717261b

SHA256
303939f88875be36108756e98353b94c53a7810868dd59018214ef184161ecab

SHA512
57cf960c0db564d7c0bb0ba9190c336d999c5ad9789ece31d25b8417a63838b902c41cbcf79043f66cc504b1f2fc2c3fbffd69957724f397f8550b7be276b2e7

Download Submit