Analysis Overview
SHA256
d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5
Threat Level: Likely malicious
The file d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 21:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 21:33
Reported
2024-11-09 21:36
Platform
win7-20240903-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
Downloads MZ/PE file
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe
"C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| RU | 5.45.205.241:443 | download.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | cachev2-ams22.cdn.yandex.net | udp |
| NL | 5.45.247.27:443 | cachev2-ams22.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.22:80 | crl.microsoft.com | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
C:\Users\Admin\AppData\Roaming\Yandex\ui
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
C:\Users\Admin\AppData\Local\Temp\CabF3C2.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 21:33
Reported
2024-11-09 21:36
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
152s
Command Line
Signatures
Downloads MZ/PE file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe
"C:\Users\Admin\AppData\Local\Temp\d00ac190ccc748349589e55b40ecca2fb9c69f6a79a654fb7288cc9f844abde5.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| RU | 5.45.205.245:443 | download.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | 245.205.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | cachev2-kiv-03.cdn.yandex.net | udp |
| FI | 5.45.192.141:443 | cachev2-kiv-03.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.192.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
C:\Users\Admin\AppData\Roaming\Yandex\ui