7218d769560965ea072fb83188e0cc3a15e1b3bb2dee628c99f456e90213ad89

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7218d769560965ea072fb83188e0cc3a15e1b3bb2dee628c99f456e90213ad89.exe
Size

10.3MB
MD5

04b41bddca4deaeed5296ac1a1d2915a
SHA1

1e6f73aa20280b1561b4d4222f6ec620f2c751d3
SHA256

7218d769560965ea072fb83188e0cc3a15e1b3bb2dee628c99f456e90213ad89
SHA512

50a31065327efe67f91bc419415acc3af3a15e5c94d30bd020bd6b759e55b3a738c6eab9d298649468964b732db1b369c06901dd738e2e8650b12d492c92ae4d
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
1712	7218d769560965ea072fb83188e0cc3a15e1b3bb2dee628c99f456e90213ad89.exe
1712	7218d769560965ea072fb83188e0cc3a15e1b3bb2dee628c99f456e90213ad89.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7218d769560965ea072fb83188e0cc3a15e1b3bb2dee628c99f456e90213ad89.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1712	7218d769560965ea072fb83188e0cc3a15e1b3bb2dee628c99f456e90213ad89.exe

C:\Users\Admin\AppData\Local\Temp\7218d769560965ea072fb83188e0cc3a15e1b3bb2dee628c99f456e90213ad89.exe
"C:\Users\Admin\AppData\Local\Temp\7218d769560965ea072fb83188e0cc3a15e1b3bb2dee628c99f456e90213ad89.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
84902b5cc11359534eb42047cfcf10d0

SHA1
573440cdcf445422e6bae5b7eb3bd9dbac2a86c2

SHA256
48bb1d9c8270c94b258f723ac7f7f276b7babca8e22057b6ad4675fe6bf42cfb

SHA512
ed0059e00b26d9e27c3d457cb76270620ef6643fdba060f9e1de82e3ac4e7899ec220841ded4d1a6a7d2af556a913bc8e4aa684eed94083244bd710cacbc1d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
116a9837724bfb1ce87f6f238a462d82

SHA1
8cfa6e208ae8d81101df4d19f7e4244a954a455d

SHA256
65aaff1590fb75c0f447dc3286ca8891e01d9d92c1797caa5b910c99b8f91fe9

SHA512
29d788809c1cf1b710f69eae4c69039bf731a080f8190125d069c95b283034f59fcae874161f63c810c9dc3aef86526c63f6d96c47e0dd6e0c41fb2fcf1257b5

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
71ffa9ab417b73dc7e80dbfb5f2f35bc

SHA1
cb60da221e9f3f2c7da2951b3e53992a92d3f4b7

SHA256
945db237e195a022ca262177e3aa677ba84dec73185d0d681791c769ee8c7d35

SHA512
d4eaeaead4240b16abe6ef61ab9dcf3bebbff326532487eb7533a3a9927817f48c6d1900d709ad6eb22b3bff0cf481fb87f70ef44d07317a97939e00515372ab

Download Submit