Malware Analysis Report

2025-05-06 00:51

Sample ID 241109-y9maws1hlf
Target 698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0
SHA256 698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0
Tags
discovery
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0

Threat Level: Likely malicious

The file 698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0 was found to be: Likely malicious.

Malicious Activity Summary

discovery

Downloads MZ/PE file

Loads dropped DLL

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 20:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 20:29

Reported

2024-11-09 20:31

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe"

Signatures

Downloads MZ/PE file

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe

"C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe"

Network

Country  Destination          Domain                        Proto
US       8.8.8.8:53           209.205.72.20.in-addr.arpa    udp
US       8.8.8.8:53           download.cdn.yandex.net       udp
US       8.8.8.8:53           api.browser.yandex.net        udp
US       8.8.8.8:53           api.browser.yandex.ru         udp
RU       213.180.193.234:443  api.browser.yandex.ru         tcp
RU       5.45.205.241:443     download.cdn.yandex.net       tcp
RU       213.180.193.234:443  api.browser.yandex.ru         tcp
RU       213.180.193.234:443  api.browser.yandex.ru         tcp
US       8.8.8.8:53           88.210.23.2.in-addr.arpa      udp
US       8.8.8.8:53           241.205.45.5.in-addr.arpa     udp
US       8.8.8.8:53           234.193.180.213.in-addr.arpa  udp
US       8.8.8.8:53           133.66.101.151.in-addr.arpa   udp
US       8.8.8.8:53           133.2.101.151.in-addr.arpa    udp
US       8.8.8.8:53           cachev2-ams21.cdn.yandex.net  udp
NL       5.45.247.25:443      cachev2-ams21.cdn.yandex.net  tcp
US       8.8.8.8:53           75.159.190.20.in-addr.arpa    udp
US       8.8.8.8:53           25.247.45.5.in-addr.arpa      udp
US       8.8.8.8:53           95.221.229.192.in-addr.arpa   udp
RU       213.180.193.234:443  api.browser.yandex.ru         tcp
US       8.8.8.8:53           104.219.191.52.in-addr.arpa   udp
RU       213.180.193.234:443  api.browser.yandex.ru         tcp
US       8.8.8.8:53           212.20.149.52.in-addr.arpa    udp
US       8.8.8.8:53           241.42.69.40.in-addr.arpa     udp
US       8.8.8.8:53           21.236.111.52.in-addr.arpa    udp

Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 1271a377225b3ca9af0bdffd7724a9d6
SHA1 11dedd0da6ec79edbfa808a761e54321796e1f17
SHA256 02d1e9aeb6837447ba6dead6259e5cf550f2b3b15f4e12821b900990708b8faa
SHA512 c522f9c686db77b7bfdf10cda8afba85e2247414799ad0479285309a7228a2112a8d9b674e07d54a64d4f0e298872d5e6d2f11304750912425e66f38d0789576

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 f17f8c1c67e4e87fc4cf6aaa5c0d1a5f
SHA1 b3bef0f801140386f9a6d87b8724e721227efe0a
SHA256 e4da63b0b3140be90d32e497797abf0a3cc5cb3840067092edf10b3c01c6d502
SHA512 485a2fec0ff427a456202b9f2b3b7e00367f9768aa79ca8f37dde40f4528144b545295ba84ae7c16cedaeca26e7b9e627600eb693e17eb8498615fafe52f321c

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 30fae0a997840ab988bde35d77b63b84
SHA1 e0883759f4aaaf3ed04e9c80a6d296d2d75104cc
SHA256 66dc0904fb427baa9fd7270ea969fba3bc02018c6085bb8f4dc53eb5dd91feca
SHA512 de8adaf6380d1f8af207b7dfba2c8821a961114c18a473972ac3f2b6c4988546133c5c33d93c98792ab68177d41712907730fd1fe436abc3a37111b100b09337

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 774bd540cbc29512a91919d365af3a24
SHA1 7fc0e452c95c61113fc4190f4b8189d23fd62130
SHA256 cd65aeaedce7e82f7dc8b4b1e7b62e64a12e030b527ebaffec153a5504233ec8
SHA512 b104b6a8b8ef6049931c98d85d6aa0438eb9277648cec40b855509a744ec82c5ccb720e960abd4d555a1580ea3592a7534b12afe1e080289e1272fb359108bb8

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 20:29

Reported

2024-11-09 20:31

Platform

win7-20240903-en

Max time kernel

122s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe

"C:\Users\Admin\AppData\Local\Temp\698320bfc83fe8622cfef19e9ddab7ccda6408a2d99f1ad777f8ee2d2c9b84e0.exe"

Network

Country  Destination          Domain                         Proto
US       8.8.8.8:53           download.cdn.yandex.net        udp
US       8.8.8.8:53           api.browser.yandex.ru          udp
US       8.8.8.8:53           api.browser.yandex.net         udp
RU       213.180.193.234:443  api.browser.yandex.net         tcp
RU       5.45.205.242:443     download.cdn.yandex.net        tcp
RU       213.180.193.234:443  api.browser.yandex.net         tcp
US       8.8.8.8:53           cachev2-fra-02.cdn.yandex.net  udp
DE       5.45.200.105:443     cachev2-fra-02.cdn.yandex.net  tcp
RU       213.180.193.234:443  api.browser.yandex.net         tcp
RU       213.180.193.234:443  api.browser.yandex.net         tcp
RU       213.180.193.234:443  api.browser.yandex.net         tcp
RU       5.45.205.242:443     download.cdn.yandex.net        tcp
US       8.8.8.8:53           crl.microsoft.com              udp
GB       2.19.117.22:80       crl.microsoft.com              tcp
RU       213.180.193.234:443  api.browser.yandex.net         tcp
RU       213.180.193.234:443  api.browser.yandex.net         tcp

Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 743cd074259af7c9e52368bae392a287
SHA1 41f70d8894e472db9a465869f449ef3a77c68985
SHA256 b0b5b123f4da479a31d58ee6aaf7fb4861f0a2b89ed6e1b53338081bd3b7f79b
SHA512 09de9b545d02c46752c8dc430b5bfd283082439b4c8a1e778aca50e9fa13702cd5a9e9565ee0dbf7ff09c99eb6503dcc7da7deaaf7d783091ca4753322cedb94

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 bdbcdf7909c8899c2c18b275bec90c5b
SHA1 c6331080ff8d5b928146bb83538f61217b712131
SHA256 6e98235c03544aa1ddb334e9b9cb0a30beaf557280bfbc2025936fdca5dd8f9d
SHA512 9cb8a622d30b996bdd9e1a5cc9e0b268c2537d3c25d66e15a49da86cf87db031e2bf570bffe2a97d771710fcfab30a02350c140a5fcf525bb3a7fd1ba93fd49e

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 8cf02291599cdfe9a14fd57ca32a8f10
SHA1 97c3052efab77f3006d93921adffd0014e59b6c2
SHA256 1fa90e0f76ea8f33215d6254f786144b4c2c3baa9e317ba22f9312104ddb63cc
SHA512 6480c4d4979253521a57b24907b0e875e039e33bf6513e59ffda7e7c63f24085155265d4c339adb8c5907b129889cf79eab0643b29d9dd7e346255cb146fdb0d

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 cbd4285a5ec10ce6ac529f0f5472167b
SHA1 ddd66107033720d7b2835ea61d8b593a66102b75
SHA256 bb69b078beccaa20af66382d34b8cf22f8a9b8960283564adc220f2451344c63
SHA512 353f6d8d696af7ef748ced4d10c1ca164531275bc44c116a085c45d6596ef8e3d2efba6adbebf6b90819a8f2b4c028d25db34705414d2dd3ceb37aec11ca6c3c