ef9f014415fd0b62d33ca6d3e06f97d1e245d9780754d29b7bf818a8d4b1a030

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef9f014415fd0b62d33ca6d3e06f97d1e245d9780754d29b7bf818a8d4b1a030.exe
Size

8.9MB
MD5

96f06934e9fc5d47f32edbbbc443ec66
SHA1

315320549cf664d7a836161ba56e6a2177898c6f
SHA256

ef9f014415fd0b62d33ca6d3e06f97d1e245d9780754d29b7bf818a8d4b1a030
SHA512

9b8c4f5a4c6d54b04157d6ffeeb849ba605ee1727fd43aad5de07e16ce116634e63a7a15f75710bf2ab1ebdf04b1e5d6d7edeaf5b927c356e63209128d7400b8
SSDEEP

196608:ZYPRWWv9RZ24NTx9Pe20/zkOiu1f+79YRCk:ZYPRWUjQGdCzkOiaf+JYRC

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
552	ef9f014415fd0b62d33ca6d3e06f97d1e245d9780754d29b7bf818a8d4b1a030.exe
552	ef9f014415fd0b62d33ca6d3e06f97d1e245d9780754d29b7bf818a8d4b1a030.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ef9f014415fd0b62d33ca6d3e06f97d1e245d9780754d29b7bf818a8d4b1a030.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
552	ef9f014415fd0b62d33ca6d3e06f97d1e245d9780754d29b7bf818a8d4b1a030.exe

C:\Users\Admin\AppData\Local\Temp\ef9f014415fd0b62d33ca6d3e06f97d1e245d9780754d29b7bf818a8d4b1a030.exe
"C:\Users\Admin\AppData\Local\Temp\ef9f014415fd0b62d33ca6d3e06f97d1e245d9780754d29b7bf818a8d4b1a030.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
8414cc0dc50dd220f828c707d6dfbe76

SHA1
ae659cd5632992f8bf2a669c182175457d9e5fce

SHA256
e2efc39dc32420d496e077b90e82b6e7cca04221f19f9e242a40261dcce571c9

SHA512
ca2c946e97c7c9dd44c77f44796480b347444e553d1cca1f946a4e1c0d35c489f67bdc0a59c07026fe1d419e22d6d7c7cdd1dd67e2b3f4ad140c85dadb620b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
6b9b65e280cba1ca2f408b5e2040e742

SHA1
6a197b639872c878f57805e0314bf55bbc09974f

SHA256
89ffa4092edd3367dceb99e168968e8b3a2caaa46d0f4aa8c79384f0df23e6f8

SHA512
26bd712ba8e29d969325160080e4c8cad0da246a2fde02a23a6a9f8555ca4afd42fefb7f80891436661e4633a6a93c8bd4d943ffcba90fe2c0130e74be7751f2

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
7cc4ed912150fe7634ff72c3d7be7474

SHA1
83d14e30db644a177e65556888995a185f33710c

SHA256
b96dfd009b38a99630c1318806dd9a33aad01cdb2f546ec115aefb481021968e

SHA512
82fa355fd8ee0dadfd26774d44ec0af58aba8137926b637d9243a399cd1b583bbcd7e1052f1b2d7f050af5f710f0d8b862d5acb09255293ae16b9bb1120eeef0

Download Submit