6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe
Size

7.9MB
MD5

6d2d59a69c0e3e8ec0507d66b15e5d55
SHA1

7ac8e562f54e9eade403b44f23a0550c5f1d6360
SHA256

6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e
SHA512

3abf36a8de832de046eb960327c2ed06a6e7ff6a4b89999d3f103edf10ff4c6b2a3a7aeabd56d86095babf82ab308a8768eb6299662b57f9db08f7d9fac036e7
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2120	6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe
2120	6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2120	6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe

C:\Users\Admin\AppData\Local\Temp\6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe
"C:\Users\Admin\AppData\Local\Temp\6e32636ee6b41e82ff471c0526ff26facebc77c6dd4b357940687377f0f95b1e.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
5194ade3eb1027f9197afef8fb7f1357

SHA1
3cfb949300bdb863b48ecb13a2d306abee9f37b5

SHA256
85cd4d9ce651ce5f995a77f6dc050f21c538aa6cc0bbdec71e9c203b465cedd1

SHA512
e2128408f6f1a16ccc15253e5e587f1720daa895361d351c33af0d01b67f183eeef1fd4fe011e53b1f1e72220dd118c0f4e60bfd74b8233bfe5265bf7c2f1a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
6053583f1cbeef42c9c575daf30bc4ae

SHA1
7684464524c9fab9c5f9d8148356137c5aee1375

SHA256
84666a309d222fcc54c5fcbba1f689fb1cfd81551b35217a309017b061ebcb4e

SHA512
5969202fddbe5b38a482e3c8a41e48228fc6fadce784a2cfe37e203254c8cddfcd3220b17c090e2d572cbaf52fa29e70440cc42f9115937c0adfc78e8a7fafd5

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
7800db461e9291a2acdb33de7510e169

SHA1
4b93b912179e8160a8dfdb47b1267ebcdfc9d88b

SHA256
16f084209120767a3777e5cb2b7b31161d326661f3d7741e4a30815ecd8ab7e1

SHA512
c06560965f16d8a6a2759073120f41bb1e9e2819e465e8dc0ea554d72b65c7de98b1c5cdd2f92c9c71a814db55fba5f977af1a3a40ffdca843ab9a12f7b33143

Download Submit