439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb

Analysis

max time kernel
129s
max time network
137s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe
Size

11.3MB
MD5

9885f7cb150dbdc314b1c2f04a525ccd
SHA1

f0e2ed946e46c54b530838c6e342c9d6b01dab79
SHA256

439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb
SHA512

ab5e42ab1d4467ae7f4b4b4890aa7bd37d3d7304f184b392f1d4c2bef93f5e169e98a33fc07b41f4c1f21aec6af57a804f0dc544f4af428983ac2a814f71ba44
SSDEEP

196608:RXFGPpySVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:RXVuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2736	439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe
2736	439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2736	439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe

C:\Users\Admin\AppData\Local\Temp\439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe
"C:\Users\Admin\AppData\Local\Temp\439429586b8ec78dd4526042e0c4c519e963521311d322234364c710d0d0fabb.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
c1a740c81515842da9ecca379235a60e

SHA1
93862783836ae15421e0c08f45385da3beabf4e4

SHA256
20229d52077c061cca653a251e63c4db9ab46b0add579ce5979f84e130eec04b

SHA512
2e102a0a5576ba7064b96ef02ded624be24f3be4a45f2ffc4c1bfbad1e35ade2e87de79d33d23ad5ed61f79abf9a47b276a55877895500ac80d5b2001293f879

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
3KB

MD5
1e4037d7f6bf2ebb315602ed1302e355

SHA1
dcc470f60afc49c23507371bce2270c5fd77e5d4

SHA256
205808235002bc85d21f33e3d852428fb10a2654fc66d08d5c804b2b2c16d0b0

SHA512
386180ef989636d3e2a0fee9f808dba7604eec05bd1a6c75b4c0e1349263569487338992994023ee7d0e61597e90aaefa32cf29ffef9a2017a17586de60d9a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
04c580d76b64e8d9c0342184420765ac

SHA1
cf795bcb07d58e061151329774eb4a1f20549b1b

SHA256
14363275604927a2e6422c041aa145b9a63f71b9fa7fd0af39b97c9c0ae1524c

SHA512
4f9c90fb71b027cf4bdbc548e982f54f317fa2ce46d0f259d8ae687cd5985f1d32de75642c1ac5dc2426ff15344f9361cd3e33fc06cfc7412b282ab34cf1f30d

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
fafdda1f244a185836033035090130cb

SHA1
5aef811985f033e5542cf0d321b97563a9933239

SHA256
b539b907c137c8c11cf21488d77d73f53dde3ca7b253046ac8a543c220bd6c25

SHA512
102ef4c5749f4ed82e8e5e39d99e27c782a2f6a9a02a2275c681820d05f5ccfcd386cfaa8ff3490bbfce2328fe8a1aad3758a3c6258d61fd4a72a7e26b6fe481

Download Submit