252d5af9c304aa9a17b029f19e3c3cb2d113425cdb34fedb4ff65618103b1418

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

252d5af9c304aa9a17b029f19e3c3cb2d113425cdb34fedb4ff65618103b1418.exe
Size

7.9MB
MD5

20c2be9b01d064c2b7b3cdfe1c3cd4aa
SHA1

d632390b6e49cbe3cda1cdcd2a4e7d4244ba2f4e
SHA256

252d5af9c304aa9a17b029f19e3c3cb2d113425cdb34fedb4ff65618103b1418
SHA512

8e39fb947686576983bc02f3a87e36655860872b8e7056f32a395ab0f5889047865925f69dba8a0868d8a4b0480558efa3aedd2030868726f10d9bb16f138002
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
1940	252d5af9c304aa9a17b029f19e3c3cb2d113425cdb34fedb4ff65618103b1418.exe
1940	252d5af9c304aa9a17b029f19e3c3cb2d113425cdb34fedb4ff65618103b1418.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	252d5af9c304aa9a17b029f19e3c3cb2d113425cdb34fedb4ff65618103b1418.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1940	252d5af9c304aa9a17b029f19e3c3cb2d113425cdb34fedb4ff65618103b1418.exe

C:\Users\Admin\AppData\Local\Temp\252d5af9c304aa9a17b029f19e3c3cb2d113425cdb34fedb4ff65618103b1418.exe
"C:\Users\Admin\AppData\Local\Temp\252d5af9c304aa9a17b029f19e3c3cb2d113425cdb34fedb4ff65618103b1418.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
702d71df53304d8eb509584fff0fee1b

SHA1
1eba221fd0065d577bf5314e3cec59a7ca98b187

SHA256
901a297c76c219fd68e96455fc45e5aa7aac6309106873084da08cf7be22678e

SHA512
c3b5b58f000549c8509243b4f838dac6f0d3fd72e3306040ce6592b9b82ad5fe3d8854cb6beb3ac91093e31e7a4d86b04e8e70f9286303b81f98454ff22f9c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
0208a91dd0273f586cf53168e5ffc3e7

SHA1
1e7e2e224737e62f0e83a55afc90a7366c74aaa2

SHA256
1fdbeb6d525bc7da6e7a49a444e9374f45d47cc4d526070de2925f18df95a5ca

SHA512
3744adf234e2be130373d193f57578391923cb703f065cf208402297937d66a12c25b0d269f2e2b6fb26abc048e5ad55f1b94c2f4d1f4c0eb5f17f45b505883a

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
146bea8ee88c550f58f1d1baca78dfdb

SHA1
ceb9d6e7b7b5d0c84aa553e056bad8f3e2b7ffce

SHA256
fece02dfd2fc96832c29e8c6078afae7b60db2f62edd998bbf44ad6d2fdb4911

SHA512
bcb9d19fb7bcbaa2770bd9f9f9026fd68a025874334947749fffa37178b7bfdc0f4bf2134e18c0cf18a966504c9bf225595b2700d8fe2daedfb2377010a3e435

Download Submit