Analysis

  • max time kernel
    129s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/10/2024, 11:08

General

  • Target

    2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe

  • Size

    10.3MB

  • MD5

    f22cceeeba54f88ad53fc2b623303b4c

  • SHA1

    e7fd674a3564c5ff4d5f6bc18006ec4a7986e574

  • SHA256

    2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9

  • SHA512

    2ba056db86aa9bd8b1c3dad5c1a4b7878b983dbf1400bb1651b429c546e532d59b485a4b7036a09877be8ee5cc1767181841a9f7463bcf8af645162361379f50

  • SSDEEP

    196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer that host's geographical location.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
    "C:\Users\Admin\AppData\Local\Temp\2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2384

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log

    Filesize

    1KB

    MD5

    813f3de55f6a62a3d9ffb008fc46f7c6

    SHA1

    03e72e3c12f6ce3458d4221581f26b69fc646c02

    SHA256

    fed581026c4d3241c70da2e5347a77343691f79e3a6ac8fff7056f91daf96c78

    SHA512

    b6123a2ab7c74d14f627719cbfc0a89e3fde765930aef9862a371e94c99e364d2cb99403e92860ce7d209c6589ade46d7dfcbc78454799ad97a1c340171c27c4

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log

    Filesize

    4KB

    MD5

    3b94ce2f321737aae12fc0329619d1ea

    SHA1

    d7ffd8195eb0a141887575e5d62e1b41e2f600ec

    SHA256

    5c03de10d00ced0fd0e37698f5b55530cc0bbec436682691631a58441187a6a5

    SHA512

    353c03251cd3c9f6106083eb24819f1a09ecee75f59a33520203f8ccd0269763d173797744fe38d3bc0398b97869d8c01aec97432ce0ecb52dcf048ae850425f

  • C:\Users\Admin\AppData\Roaming\Yandex\ui

    Filesize

    38B

    MD5

    e4913b9f4ac233d0d28e047433b4b8e9

    SHA1

    218f3c1690e956d4d18c0d8073d78ce7da717d08

    SHA256

    f85a9a5e85736d421f7b7bb25f1550ceb84eda51b63e1793edc1dd3d6eb3e1f8

    SHA512

    fd0bcc575717c93da4a0c842da190b5bcf82ab79b1b5566708460d64206959f6f97149165b980faa827eaca8bab4f779e6d0ac8e7643e10e7500de654089efc5