d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe
Size

7.9MB
MD5

bd00b517b0b69429ebbe41257d17f3cc
SHA1

2a5a0f76e2b829145017d5e046c3a21c748b8f91
SHA256

d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44
SHA512

b60ec24580557f4a467bf00eaea13d0558e6eb0e98a66380a0f66efd6bb3686af8f7af0c4aec94c2d6b6e36f4845e45782560130795ba86802352f038c2ec10b
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2956	d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe
2956	d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2956	d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe

C:\Users\Admin\AppData\Local\Temp\d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe
"C:\Users\Admin\AppData\Local\Temp\d81d61a1f406f46310127fd150aa479b27a08455858d20983240010fff832a44.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
b014e604f7a7a6442543619736e0d8e3

SHA1
209d45113fa2fc3402d84c7c54ff79c0b1856949

SHA256
02b9a0fc3ba2e6ff7756bde03244de2e5fdce4e1cd9da4426144868c0f161753

SHA512
af6105e3b941e27b801b7bee9287d83f1b6c23606ad4af5f0dd22d4e54cb2a7b4fa7492a2ffdfa839fa517fb93f88eeb108b4905a5656f8f5a998b6992b43b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
368a2e761a5e3bdc2f7ed0f46ab81844

SHA1
2a60490c52086dfc59069e28f34624a16e409196

SHA256
ff2a98cbd3648e7f587a8b6f1b386bd2c2544575f70d67cfea18efc73c13cb74

SHA512
be158d5b240cd0e6e9977be79bd0d661300f1f839773e4cdee1ec833497acc59bfe55f4de14f03516a80ecc91e9a1b818b6d8a3ba6b5d4f3076505a4ba8c5520

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
de66ff5fac59b8bbd4764117156c6e10

SHA1
59277683c7f24067df8eff2353249c509e4e5870

SHA256
63230d03b66110b3e8c2eb0126a5a706b3c3f096d72dceb30733965013d49977

SHA512
73d9b4f9f741bc48db3ca8c92552db345a9f244030e759044be4a7dc36a46086e590d231e4309115612a437e2414381a1faf3a363ac438ff29dd1c0557959dc9

Download Submit