Analysis Overview
SHA256
d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89
Threat Level: Likely malicious
The file d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-11-09 19:05 |
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-11-09 19:05 |
| Reported | 2024-11-09 19:08 |
| Platform | win7-20241023-en |
| Max time kernel | 122s |
| Max time network | 124s |
| Command Line | |
Signatures
Downloads MZ/PE file
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe
"C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe"
Network
Files
C:\Users\Admin\AppData\Roaming\Yandex\ui
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-11-09 19:05 |
| Reported | 2024-11-09 19:08 |
| Platform | win10v2004-20241007-en |
| Max time kernel | 96s |
| Max time network | 144s |
| Command Line | |
Signatures
Downloads MZ/PE file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe
"C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
C:\Users\Admin\AppData\Roaming\Yandex\ui