Analysis Overview
SHA256
698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0
Threat Level: Likely malicious
The sandbox classified the file 698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0 as Likely malicious. The verdict rests on the generic signatures listed below (unsigned PE, download of a PE file, loading a dropped DLL, a SetWindowsHookEx call, and a read of the system language from the registry), all of which legitimate web installers also trigger. Every host the sample contacted is a Yandex-operated domain (api.browser.yandex.net/.ru, download.cdn.yandex.net and its cachev2 edge nodes) and the dropped artefacts are lite_installer.log and Yandex\ui, so treat the rating as a triage score and corroborate it with Authenticode verification and a review of the contacted hosts before acting on it.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 20:29
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
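The static1 "Unsigned PE" signature means the file carries no Authenticode certificate table: the IMAGE_DIRECTORY_ENTRY_SECURITY data directory in the PE optional header is empty. The following added example (written for this page, not the report's or the sandbox vendor's code) reads that directory directly from the headers, and builds a constructed PE32 header skeleton, with and without a placeholder WIN_CERTIFICATE, so it runs offline. The certificate body is dummy bytes; the assumption is only that a real check would be followed by full signature verification, as noted after the block.

```python
"""Check whether a PE carries an Authenticode certificate table (added example)."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def has_authenticode_table(data: bytes) -> bool:
    """True if the Security directory points at a well-formed WIN_CERTIFICATE blob."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dirs = opt + 96                          # data directories start after the 96-byte PE32 header
    elif magic == PE32PLUS_MAGIC:
        dirs = opt + 112                         # ... or after the 112-byte PE32+ header
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", data, dirs - 4)[0]   # NumberOfRvaAndSizes
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    offset, size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # Unlike the other directories, the Security entry holds a raw file offset, not an RVA.
    if offset == 0 or size < 8 or offset + size > len(data):
        return False
    length, _revision, cert_type = struct.unpack_from("<IHH", data, offset)
    return cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and length == size


def build_minimal_pe(signed: bool) -> bytes:
    """Constructed test input: a PE32 header skeleton with 16 data directories and
    no sections. With signed=True a placeholder WIN_CERTIFICATE is appended and
    referenced from the Security directory (its PKCS#7 body is dummy bytes)."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 224-byte optional header
    opt = struct.pack("<H", PE32_MAGIC) + bytes(90) + struct.pack("<I", 16)  # NumberOfRvaAndSizes=16
    headers_end = e_lfanew + 4 + len(coff) + 224
    dirs = [(0, 0)] * 16
    cert = b""
    if signed:
        body = bytes(8)                                   # stand-in for the DER SignedData
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (headers_end, len(cert))
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    assert len(opt) == 224
    return dos + b"PE\0\0" + coff + opt + cert


if __name__ == "__main__":
    for signed in (False, True):
        print("certificate table present" if has_authenticode_table(build_minimal_pe(signed))
              else "unsigned PE")
```

A present table is necessary, not sufficient: the blob must be a valid PKCS#7 SignedData whose embedded hash matches the file (computed with the checksum field, the Security directory entry and the certificate table itself excluded) and whose chain validates to a trusted root. Confirm that with `signtool verify /pa <file>` on Windows or `osslsigncode verify <file>` elsewhere before treating a binary as signed.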
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 20:29
Reported
2024-11-09 20:31
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
150s
Command Line
Signatures
Downloads MZ/PE file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe
"C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 5.45.205.241:443 | download.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.205.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cachev2-ams21.cdn.yandex.net | udp |
| NL | 5.45.247.25:443 | cachev2-ams21.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.247.45.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | 1271a377225b3ca9af0bdffd7724a9d6 |
| SHA1 | 11dedd0da6ec79edbfa808a761e54321796e1f17 |
| SHA256 | 02d1e9aeb6837447ba6dead6259e5cf550f2b3b15f4e12821b900990708b8faa |
| SHA512 | c522f9c686db77b7bfdf10cda8afba85e2247414799ad0479285309a7228a2112a8d9b674e07d54a64d4f0e298872d5e6d2f11304750912425e66f38d0789576 |
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | f17f8c1c67e4e87fc4cf6aaa5c0d1a5f |
| SHA1 | b3bef0f801140386f9a6d87b8724e721227efe0a |
| SHA256 | e4da63b0b3140be90d32e497797abf0a3cc5cb3840067092edf10b3c01c6d502 |
| SHA512 | 485a2fec0ff427a456202b9f2b3b7e00367f9768aa79ca8f37dde40f4528144b545295ba84ae7c16cedaeca26e7b9e627600eb693e17eb8498615fafe52f321c |
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | 30fae0a997840ab988bde35d77b63b84 |
| SHA1 | e0883759f4aaaf3ed04e9c80a6d296d2d75104cc |
| SHA256 | 66dc0904fb427baa9fd7270ea969fba3bc02018c6085bb8f4dc53eb5dd91feca |
| SHA512 | de8adaf6380d1f8af207b7dfba2c8821a961114c18a473972ac3f2b6c4988546133c5c33d93c98792ab68177d41712907730fd1fe436abc3a37111b100b09337 |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| MD5 | 774bd540cbc29512a91919d365af3a24 |
| SHA1 | 7fc0e452c95c61113fc4190f4b8189d23fd62130 |
| SHA256 | cd65aeaedce7e82f7dc8b4b1e7b62e64a12e030b527ebaffec153a5504233ec8 |
| SHA512 | b104b6a8b8ef6049931c98d85d6aa0438eb9277648cec40b855509a744ec82c5ccb720e960abd4d555a1580ea3592a7534b12afe1e080289e1272fb359108bb8 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 20:29
Reported
2024-11-09 20:31
Platform
win7-20240903-en
Max time kernel
122s
Max time network
129s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe
"C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 5.45.205.242:443 | download.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | cachev2-fra-02.cdn.yandex.net | udp |
| DE | 5.45.200.105:443 | cachev2-fra-02.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 5.45.205.242:443 | download.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.22:80 | crl.microsoft.com | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | 743cd074259af7c9e52368bae392a287 |
| SHA1 | 41f70d8894e472db9a465869f449ef3a77c68985 |
| SHA256 | b0b5b123f4da479a31d58ee6aaf7fb4861f0a2b89ed6e1b53338081bd3b7f79b |
| SHA512 | 09de9b545d02c46752c8dc430b5bfd283082439b4c8a1e778aca50e9fa13702cd5a9e9565ee0dbf7ff09c99eb6503dcc7da7deaaf7d783091ca4753322cedb94 |
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | bdbcdf7909c8899c2c18b275bec90c5b |
| SHA1 | c6331080ff8d5b928146bb83538f61217b712131 |
| SHA256 | 6e98235c03544aa1ddb334e9b9cb0a30beaf557280bfbc2025936fdca5dd8f9d |
| SHA512 | 9cb8a622d30b996bdd9e1a5cc9e0b268c2537d3c25d66e15a49da86cf87db031e2bf570bffe2a97d771710fcfab30a02350c140a5fcf525bb3a7fd1ba93fd49e |
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | 8cf02291599cdfe9a14fd57ca32a8f10 |
| SHA1 | 97c3052efab77f3006d93921adffd0014e59b6c2 |
| SHA256 | 1fa90e0f76ea8f33215d6254f786144b4c2c3baa9e317ba22f9312104ddb63cc |
| SHA512 | 6480c4d4979253521a57b24907b0e875e039e33bf6513e59ffda7e7c63f24085155265d4c339adb8c5907b129889cf79eab0643b29d9dd7e346255cb146fdb0d |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| MD5 | cbd4285a5ec10ce6ac529f0f5472167b |
| SHA1 | ddd66107033720d7b2835ea61d8b593a66102b75 |
| SHA256 | bb69b078beccaa20af66382d34b8cf22f8a9b8960283564adc220f2451344c63 |
| SHA512 | 353f6d8d696af7ef748ced4d10c1ca164531275bc44c116a085c45d6596ef8e3d2efba6adbebf6b90819a8f2b4c028d25db34705414d2dd3ceb37aec11ca6c3c |
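Both detonations list every DNS query and connection the sandbox saw, which mixes the sample's own traffic with sandbox noise: queries to the sandbox resolver (8.8.8.8), reverse (in-addr.arpa) lookups the sandbox performs on observed peers, and the OS's crl.microsoft.com CRL fetch. The following added example (not part of the report or the sandbox's tooling) parses the report's table format as shown above into a deduplicated indicator set and a list of dropped files with their hashes. The REPORT string is a constructed excerpt of rows from the two network tables and the two file lists above; SANDBOX_NOISE is an assumption to be tuned per environment.

```python
"""Extract contacted hosts and dropped-file hashes from a sandbox report dump (added example)."""
import re

RESOLVER_IP = "8.8.8.8"
SANDBOX_NOISE = {"crl.microsoft.com"}   # assumption: OS background traffic, not the sample's

NET_ROW = re.compile(r"^\|\s*([A-Z]{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(udp|tcp)\s*\|$")
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\\S")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Constructed excerpt of the report's own network and file tables (rows from both detonations).
REPORT = """\
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 5.45.205.242:443 | download.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | 241.205.45.5.in-addr.arpa | udp |
| DE | 5.45.200.105:443 | cachev2-fra-02.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.22:80 | crl.microsoft.com | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
C:\\Users\\Admin\\AppData\\Local\\Temp\\lite_installer.log
| MD5 | 743cd074259af7c9e52368bae392a287 |
| SHA256 | b0b5b123f4da479a31d58ee6aaf7fb4861f0a2b89ed6e1b53338081bd3b7f79b |
C:\\Users\\Admin\\AppData\\Roaming\\Yandex\\ui
| MD5 | cbd4285a5ec10ce6ac529f0f5472167b |
| SHA256 | bb69b078beccaa20af66382d34b8cf22f8a9b8960283564adc220f2451344c63 |
"""


def extract_network_iocs(text):
    """Return (domains, endpoints): names the sample resolved or connected to, and the
    (ip, port, proto) tuples it actually connected to. Resolver queries contribute the
    queried name only; PTR lookups and known OS noise are dropped."""
    domains, endpoints = set(), set()
    for line in text.splitlines():
        m = NET_ROW.match(line.strip())
        if not m:
            continue
        _country, ip, port, name, proto = m.groups()
        port = int(port)
        if name.endswith(".in-addr.arpa") or name in SANDBOX_NOISE:
            continue
        domains.add(name)
        if not (ip == RESOLVER_IP and port == 53):
            endpoints.add((ip, port, proto))
    return sorted(domains), sorted(endpoints)


def extract_dropped_files(text):
    """Return [(path, {algorithm: hexdigest})]. The same path may appear more than once
    because the sandbox snapshots a file each time its contents change."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if PATH_LINE.match(line):
            current = (line, {})
            entries.append(current)
            continue
        m = HASH_ROW.match(line)
        if m and current is not None:
            alg, digest = m.groups()
            if len(digest) != HASH_LEN[alg]:
                raise ValueError(f"{alg} digest has wrong length for {current[0]}")
            current[1][alg] = digest
    return entries


if __name__ == "__main__":
    names, conns = extract_network_iocs(REPORT)
    print("domains:", *names, sep="\n  ")
    print("endpoints:", *(f"{ip}:{port}/{proto}" for ip, port, proto in conns), sep="\n  ")
    for path, hashes in extract_dropped_files(REPORT):
        print(path, hashes.get("SHA256"))
```

The split matters when the indicators are fed to a blocklist: the endpoint set is what a firewall or proxy rule should carry, while the reverse-lookup names and the resolver address would only generate false positives. Note that the page's two runs resolved download.cdn.yandex.net to different CDN nodes (5.45.205.241 and 5.45.205.242, edge caches in Amsterdam and Frankfurt), so the domain names are the stable indicator and the IPs are not.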