2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9

Analysis

max time kernel
129s
max time network
138s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
Size

10.3MB
MD5

f22cceeeba54f88ad53fc2b623303b4c
SHA1

e7fd674a3564c5ff4d5f6bc18006ec4a7986e574
SHA256

2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9
SHA512

2ba056db86aa9bd8b1c3dad5c1a4b7878b983dbf1400bb1651b429c546e532d59b485a4b7036a09877be8ee5cc1767181841a9f7463bcf8af645162361379f50
SSDEEP

196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2384	2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
2384	2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2384	2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe

C:\Users\Admin\AppData\Local\Temp\2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
"C:\Users\Admin\AppData\Local\Temp\2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
813f3de55f6a62a3d9ffb008fc46f7c6

SHA1
03e72e3c12f6ce3458d4221581f26b69fc646c02

SHA256
fed581026c4d3241c70da2e5347a77343691f79e3a6ac8fff7056f91daf96c78

SHA512
b6123a2ab7c74d14f627719cbfc0a89e3fde765930aef9862a371e94c99e364d2cb99403e92860ce7d209c6589ade46d7dfcbc78454799ad97a1c340171c27c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
3b94ce2f321737aae12fc0329619d1ea

SHA1
d7ffd8195eb0a141887575e5d62e1b41e2f600ec

SHA256
5c03de10d00ced0fd0e37698f5b55530cc0bbec436682691631a58441187a6a5

SHA512
353c03251cd3c9f6106083eb24819f1a09ecee75f59a33520203f8ccd0269763d173797744fe38d3bc0398b97869d8c01aec97432ce0ecb52dcf048ae850425f

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
e4913b9f4ac233d0d28e047433b4b8e9

SHA1
218f3c1690e956d4d18c0d8073d78ce7da717d08

SHA256
f85a9a5e85736d421f7b7bb25f1550ceb84eda51b63e1793edc1dd3d6eb3e1f8

SHA512
fd0bcc575717c93da4a0c842da190b5bcf82ab79b1b5566708460d64206959f6f97149165b980faa827eaca8bab4f779e6d0ac8e7643e10e7500de654089efc5

Download Submit