Malware Analysis Report

2025-06-15 22:25

Sample ID: 241109-xrtrkszjaw
Target: d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89
SHA256: d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89
Tags: discovery
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10

SHA256: d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89

Threat Level: Likely malicious

The file d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89 was found to be: Likely malicious.

Malicious Activity Summary

discovery

Downloads MZ/PE file

Loads dropped DLL

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-09 19:05

Signatures

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 19:05
Reported: 2024-11-09 19:08
Platform: win7-20241023-en
Max time kernel: 122s
Max time network: 124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe"

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery

Tags: discovery

Description   Indicator                                                     Process                                                                                                             Target
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe   N/A

Suspicious use of SetWindowsHookEx

Description   Indicator   Process                                                                                                             Target
N/A           N/A         C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe   N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe

"C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 download.cdn.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 5.45.205.243:443 download.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 cachev2-fra-02.cdn.yandex.net udp
DE 5.45.200.105:443 cachev2-fra-02.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 5.45.205.243:443 download.cdn.yandex.net tcp
US 8.8.8.8:53 cachev2-ams18.cdn.yandex.net udp
NL 5.45.247.18:443 cachev2-ams18.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp

Files

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 8a3ed6bf627f8c033b42dc3744c2c80e
SHA1 1a16d4c0fc371924a122d05c21b317a943dd809c
SHA256 a315986ca40390cc8063566544267515340614395a65d78abe450c0e5557dce5
SHA512 6cf611c0bb4f68105dd7a5a800ff1214e8ccf3d4793b175cb32808a35bbd1800a09329c7952dfd250c3cfd9980ecda034d8c79cc0f33b742f9d0f2a79a31845b

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 b99ff9bd18fee4400d29212b3bbf388d
SHA1 ba0d1e819162d1256cf9d69d5f0df0660eb84b25
SHA256 24edcfcd46f8f480d7fe8301953f3edfce20f0950c4a4edef1f86ef33bd2345c
SHA512 33a892cccf824f0110b609d1e6294b40e23499383f593eed720ac1898fc36314f06bf47069f5d260c78478a56e92cb03a90c0d4484a3b306a6302a6dea8d5e9c

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 6f6bc275c2a522efab6f5c653aa387c7
SHA1 3f1d768d1df9738c0db235bc9fe021423be9c7f0
SHA256 046a7387c645023d9dbec41f05252d896d71353342788a713b0773eae93fe263
SHA512 744c46a5d41e79261e2c5e19470aba3b2cad1de3c9d7d6f91eab00c711ecb5eb6148615c2760540e8305cb93831e1f146cf75e442fb14e4e32c5c16fe5ec58b8

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-09 19:05
Reported: 2024-11-09 19:08
Platform: win10v2004-20241007-en
Max time kernel: 96s
Max time network: 144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe"

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery

Tags: discovery

Description   Indicator                                                     Process                                                                                                             Target
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe   N/A

Suspicious use of SetWindowsHookEx

Description   Indicator   Process                                                                                                             Target
N/A           N/A         C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe   N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe

"C:\Users\Admin\AppData\Local\Temp\d4d25de28857d2067ce2aa252d6821becfaadc3ac7a2bc980816118a12950e89.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 download.cdn.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 5.45.205.245:443 download.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 245.205.45.5.in-addr.arpa udp
US 8.8.8.8:53 234.193.180.213.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 cachev2-ams18.cdn.yandex.net udp
NL 5.45.247.18:443 cachev2-ams18.cdn.yandex.net tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 18.247.45.5.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 bd455e31198e6c3b8ad7b962cc429e0f
SHA1 63322eb4ec156ec6d89faeb8c42af434ae1343c5
SHA256 3d84933814bd9621ac2d69722aa9139c4ff859e3ef98cd33ebb71cf6e729a531
SHA512 dc9877ffa42c3eb4338e0d058aeeb9161cea52b48a360d54b548c2b30d17c31fcbe0e79dc670e642a5bfc81a91915269373b8bb74946a591d8214594904ba7db

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 990211bac4e9f8930506498405d4f1da
SHA1 2388aa31abbafdeb6fb61fe344e23ee5c16b22af
SHA256 046b6f7b9cdcbc85eb4e65e43ef3e53caa4592849feefb33fe366f3bbd292366
SHA512 55973ca4647d171a962bc0f59afa2db141ac34419b7c98ae8da53b6e77814fea191c3676ca53f437d35dc75e7f84d65276b58ca5c06de1d691f611149f2d0b14

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 d75e14e7fae2927901652fbab269c730
SHA1 ee44479e8847815c4cd78fae9065c2dd4e9d4c4a
SHA256 52f74a706a5278f0b18e57acf9a92bc4f6d2fd60250c6a3752966cf0b34dd2b9
SHA512 abe933bf9d6c8c65b321f1801890fc1c9f8ba40e81357fea03b59acdb00b9228036e1fba0143c1428768f657fedf690a791c8c962c0f96e6f4c5d54fdd2d7831