Analysis

  • max time kernel
    96s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/11/2024, 19:05

General

  • Target

    d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe

  • Size

    7.9MB

  • MD5

    b10e28d1033d63a014cade22fe06027b

  • SHA1

    df7187144e7e6ab0469f08a0c1a151777fb3c974

  • SHA256

    d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89

  • SHA512

    3723e236aac662665c4d6204ddcb06f16742ce4787802469d9eda70a44b512eb8e72e8f8d5e49f66b14810d6f7f655334f9edb6672d94ed8354fb86df56adaf4

  • SSDEEP

    98304:w4NxK/6sZTj2Ry2fPAWyjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafv:w4m2INTx9Pe20/zkOiu1f+79YR

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer the geographical location of that host (ATT&CK T1614.001).

  • Suspicious use of SetWindowsHookEx 1 IoCs
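The two signatures above are, in most sandboxes, rules evaluated over the sample's API call trace. The following is an added illustration written for this page, not the sandbox's own signature engine and not the trace of this sample: it runs two such rules over a constructed trace (the trace lines, the `module!Function(args) -> retval` format and the API name sets are all assumptions made for the example) and decodes the LANGID a language-discovery call returns into its primary language and sublanguage, which is the value a geofencing sample would compare against a block-list.

```python
import re
import sys
from typing import Dict, List, Optional, Tuple

# Win32 calls a language-discovery rule or a hook-install rule would key on (assumed rule content).
LANGUAGE_DISCOVERY_APIS = {
    "GetUserDefaultUILanguage", "GetSystemDefaultUILanguage",
    "GetUserDefaultLangID", "GetSystemDefaultLangID",
    "GetUserDefaultLCID", "GetSystemDefaultLCID",
    "GetLocaleInfoW", "GetLocaleInfoA", "GetLocaleInfoEx",
}
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW"}

# Constructed API trace in a generic "module!Function(args) -> retval" form.
# Illustrative only: this is NOT the trace of the sample analysed in this report.
API_TRACE = [
    "kernel32.dll!GetModuleHandleW(lpModuleName='kernel32.dll') -> 0x7ff8a0000000",
    "kernel32.dll!GetUserDefaultUILanguage() -> 0x0419",
    "user32.dll!SetWindowsHookExW(idHook=2, lpfn=0x401000, hMod=0x400000, dwThreadId=0) -> 0x2a0107",
    "kernel32.dll!ExitProcess(uExitCode=0)",
]

_CALL_RE = re.compile(
    r"^(?P<module>[\w.]+)!(?P<func>\w+)\((?P<args>.*)\)(?: -> (?P<ret>0x[0-9a-fA-F]+|\d+))?$"
)


def parse_call(line: str) -> Optional[Dict]:
    """Split one trace line into module, function, raw argument text and integer return value."""
    m = _CALL_RE.match(line.strip())
    if not m:
        return None
    ret = m.group("ret")
    return {
        "module": m.group("module"),
        "func": m.group("func"),
        "args": m.group("args"),
        "ret": None if ret is None else (int(ret, 16) if ret.startswith("0x") else int(ret)),
    }


def match_signatures(trace: List[str]) -> Dict[str, List[str]]:
    """Signature name -> matching trace lines; the length of each list is the report's 'IoCs' count."""
    hits: Dict[str, List[str]] = {
        "System Location Discovery: System Language Discovery": [],
        "Suspicious use of SetWindowsHookEx": [],
    }
    for line in trace:
        call = parse_call(line)
        if call is None:
            continue
        if call["func"] in LANGUAGE_DISCOVERY_APIS:
            hits["System Location Discovery: System Language Discovery"].append(line)
        elif call["func"] in HOOK_APIS:
            hits["Suspicious use of SetWindowsHookEx"].append(line)
    return hits


def decode_langid(langid: int) -> Tuple[int, int]:
    """Split a 16-bit LANGID (winnt.h MAKELANGID layout) into (primary language, sublanguage):
    bits 0-9 carry the primary language, bits 10-15 the sublanguage."""
    return langid & 0x3FF, (langid >> 10) & 0x3F


def language_iocs(trace: List[str]) -> List[Tuple[str, int, int, int]]:
    """For each discovery call that returned a LANGID, give (func, langid, primary, sublanguage).
    The *LangID / *UILanguage calls return a LANGID directly and an LCID carries it in its low
    16 bits; GetLocaleInfo* returns a character count, so it is skipped here."""
    out = []
    for line in trace:
        call = parse_call(line)
        if not call or call["func"] not in LANGUAGE_DISCOVERY_APIS or call["ret"] is None:
            continue
        if call["func"].startswith("GetLocaleInfo"):
            continue
        langid = call["ret"] & 0xFFFF
        primary, sub = decode_langid(langid)
        out.append((call["func"], langid, primary, sub))
    return out


def current_ui_langid() -> Optional[int]:
    """What a sample itself does on the victim: query the UI language (Windows only; None elsewhere)."""
    if sys.platform != "win32":
        return None
    import ctypes
    return ctypes.windll.kernel32.GetUserDefaultUILanguage()


if __name__ == "__main__":
    for name, lines in match_signatures(API_TRACE).items():
        print(f"{name}: {len(lines)} IoCs")
    for func, langid, primary, sub in language_iocs(API_TRACE):
        print(f"{func} -> LANGID 0x{langid:04x} (primary 0x{primary:02x}, sublanguage {sub})")
```

With the constructed trace, the language rule fires on the `GetUserDefaultUILanguage` call and the hook rule on `SetWindowsHookExW`, one IoC each, which matches the shape of the counts in the signature list above. The decoded value 0x0419 splits into primary language 0x19 with sublanguage 1; a sample that geofences compares only the primary language, so the decoding step is what an analyst reproduces when deciding whether a given locale would have suppressed the payload.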

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe
    "C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:4484
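The "Downloads MZ/PE file" signature in the list above fires when a body fetched over the network parses as a Windows executable. The check below is an added example written for this page, not the sandbox's own implementation: it validates the DOS header, follows `e_lfanew` to the `PE\0\0` signature and reads the COFF header, which also yields the image architecture (compare the `arch:x64`/`arch:x86` resource tags). The HTTP bodies, the `example.invalid` URLs and the `build_stub_pe` helper are constructed for the example and are not from this report's network capture.

```python
import struct
from typing import Dict, List, Optional, Tuple

# IMAGE_FILE_HEADER.Machine values (winnt.h) for the architectures most often seen.
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARM", 0xAA64: "ARM64"}
IMAGE_FILE_DLL = 0x2000
# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
# SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"


def classify_pe(buf: bytes) -> Optional[Dict]:
    """Return header facts if buf is an MZ/PE image, else None.
    Requires the MZ magic, a PE signature at e_lfanew and a complete COFF header,
    so a bare 'MZ' prefix (common in decoy or truncated downloads) does not count."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    if e_lfanew + 24 > len(buf) or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, buf, e_lfanew + 4)
    info = {
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04x}"),
        "sections": nsections,
        "timestamp": timestamp,
        "dll": bool(chars & IMAGE_FILE_DLL),
        "pe_format": None,
    }
    opt_off = e_lfanew + 24
    if opt_size >= 2 and opt_off + 2 <= len(buf):
        (magic,) = struct.unpack_from("<H", buf, opt_off)
        info["pe_format"] = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"0x{magic:04x}")
    return info


def find_pe_downloads(responses: Dict[str, bytes]) -> List[Tuple[str, Dict]]:
    """The 'Downloads MZ/PE file' check: every response body that classifies as a PE image."""
    return [(url, info) for url, body in responses.items() if (info := classify_pe(body)) is not None]


def build_stub_pe(machine: int, magic: int, characteristics: int = 0x0102) -> bytes:
    """Constructed header-only stub (no sections, not loadable) so the example runs offline."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack(COFF_FMT, machine, 0, 0x66A00000, 0, 0, 2, characteristics)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)


# Constructed HTTP bodies keyed by placeholder URLs (not from the report's network capture).
SAMPLE_RESPONSES = {
    "http://example.invalid/index.html": b"<html><body>hello</body></html>",
    "http://example.invalid/update.bin": build_stub_pe(0x8664, 0x20B),
    "http://example.invalid/legacy.dll": build_stub_pe(0x014C, 0x10B, 0x2102),
    "http://example.invalid/fake.exe": b"MZ" + b"\0" * 100,  # MZ magic but no PE signature
}


if __name__ == "__main__":
    for url, info in find_pe_downloads(SAMPLE_RESPONSES):
        print(f"{url}: {info['machine']} {info['pe_format']} dll={info['dll']}")
```

Note the content type or file extension plays no part: the rule keys on the bytes, which is why a body served as `update.bin` is still reported, and why the `fake.exe` body with only an `MZ` prefix is not.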

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\lite_installer.log

          Filesize

          4KB

          MD5

          990211bac4e9f8930506498405d4f1da

          SHA1

          2388aa31abbafdeb6fb61fe344e23ee5c16b22af

          SHA256

          046b6f7b9cdcbc85eb4e65e43ef3e53caa4592849feefb33fe366f3bbd292366

          SHA512

          55973ca4647d171a962bc0f59afa2db141ac34419b7c98ae8da53b6e77814fea191c3676ca53f437d35dc75e7f84d65276b58ca5c06de1d691f611149f2d0b14

        • C:\Users\Admin\AppData\Local\Temp\lite_installer.log

          Filesize

          7KB

          MD5

          bd455e31198e6c3b8ad7b962cc429e0f

          SHA1

          63322eb4ec156ec6d89faeb8c42af434ae1343c5

          SHA256

          3d84933814bd9621ac2d69722aa9139c4ff859e3ef98cd33ebb71cf6e729a531

          SHA512

          dc9877ffa42c3eb4338e0d058aeeb9161cea52b48a360d54b548c2b30d17c31fcbe0e79dc670e642a5bfc81a91915269373b8bb74946a591d8214594904ba7db

        • C:\Users\Admin\AppData\Roaming\Yandex\ui

          Filesize

          38B

          MD5

          d75e14e7fae2927901652fbab269c730

          SHA1

          ee44479e8847815c4cd78fae9065c2dd4e9d4c4a

          SHA256

          52f74a706a5278f0b18e57acf9a92bc4f6d2fd60250c6a3752966cf0b34dd2b9

          SHA512

          abe933bf9d6c8c65b321f1801890fc1c9f8ba40e81357fea03b59acdb00b9228036e1fba0143c1428768f657fedf690a791c8c962c0f96e6f4c5d54fdd2d7831
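The Downloads section lists each dropped file with four digests, which is what an analyst uses to confirm that an artifact recovered from a host or another sandbox run is the same object. The script below is an added example for this page, not tooling from the sandbox: it parses entries in the flattened text form shown above (two of the three records are embedded verbatim from this report) and matches a candidate file's bytes against them, requiring every listed digest to agree. The `DroppedFile` record type, the function names and the bytes used in the self-check are assumptions made for the example.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Two records copied from the report's Downloads section, in its flattened text layout.
REPORT_DOWNLOADS = """\
• C:\\Users\\Admin\\AppData\\Local\\Temp\\lite_installer.log
Filesize
4KB
MD5
990211bac4e9f8930506498405d4f1da
SHA1
2388aa31abbafdeb6fb61fe344e23ee5c16b22af
SHA256
046b6f7b9cdcbc85eb4e65e43ef3e53caa4592849feefb33fe366f3bbd292366
SHA512
55973ca4647d171a962bc0f59afa2db141ac34419b7c98ae8da53b6e77814fea191c3676ca53f437d35dc75e7f84d65276b58ca5c06de1d691f611149f2d0b14
• C:\\Users\\Admin\\AppData\\Roaming\\Yandex\\ui
Filesize
38B
MD5
d75e14e7fae2927901652fbab269c730
SHA1
ee44479e8847815c4cd78fae9065c2dd4e9d4c4a
SHA256
52f74a706a5278f0b18e57acf9a92bc4f6d2fd60250c6a3752966cf0b34dd2b9
SHA512
abe933bf9d6c8c65b321f1801890fc1c9f8ba40e81357fea03b59acdb00b9228036e1fba0143c1428768f657fedf690a791c8c962c0f96e6f4c5d54fdd2d7831
"""

HASH_NAMES = ("MD5", "SHA1", "SHA256", "SHA512")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class DroppedFile:
    path: str
    size: str            # as printed by the report; "4KB" is rounded, "38B" is exact
    hashes: Dict[str, str]


def parse_downloads(text: str) -> List[DroppedFile]:
    """Turn the bullet / label / value layout into records, validating digest lengths."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries: List[DroppedFile] = []
    i = 0
    while i < len(lines):
        if not lines[i].startswith("•"):
            i += 1
            continue
        path = lines[i].lstrip("• ").strip()
        i += 1
        fields: Dict[str, str] = {}
        while i < len(lines) and not lines[i].startswith("•"):
            value = lines[i + 1] if i + 1 < len(lines) else ""
            fields[lines[i]] = value
            i += 2
        hashes = {h: fields[h].lower() for h in HASH_NAMES if h in fields}
        for name, hexdigest in hashes.items():
            if len(hexdigest) != HEX_LEN[name] or not re.fullmatch(r"[0-9a-f]+", hexdigest):
                raise ValueError(f"malformed {name} for {path}: {hexdigest}")
        entries.append(DroppedFile(path, fields.get("Filesize", "?"), hashes))
    return entries


def hash_bytes(data: bytes) -> Dict[str, str]:
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def match_dropped_file(data: bytes, entries: List[DroppedFile]) -> Optional[DroppedFile]:
    """Return the report entry whose digests all agree with data, or None.
    All listed digests must match; agreeing on MD5 alone is treated as a mismatch."""
    digests = hash_bytes(data)
    for entry in entries:
        if entry.hashes and all(digests[name] == entry.hashes[name] for name in entry.hashes):
            return entry
    return None


def selfcheck_roundtrip(data: bytes) -> bool:
    """Constructed record built from data must match data and nothing else."""
    synthetic = DroppedFile("constructed", f"{len(data)}B", hash_bytes(data))
    return match_dropped_file(data, [synthetic]) is synthetic and match_dropped_file(data + b"x", [synthetic]) is None


if __name__ == "__main__":
    for entry in parse_downloads(REPORT_DOWNLOADS):
        print(entry.path, entry.size, entry.hashes["SHA256"])
```

Two caveats when using this on real artifacts: `lite_installer.log` appears twice in the report with different sizes and digests, so it was captured at two points in time and both records are legitimate rather than duplicates; and the rounded sizes ("4KB", "7KB") cannot be used as a check, only the byte-exact ones such as "38B" can.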