cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe
Size

8.9MB
MD5

f4c7acb68b667b4321a0b84a2d37f95f
SHA1

6f0dc231b33b89b9d1ec0c745722b85a3ae2f68b
SHA256

cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552
SHA512

34c0471a6fe7fb97d79be134cce4b82a31ef5f53e04e2d79bb7fe712370794c10401e1d8822ddd48ab7ca50d9387d622a787baaf157a12619477cad2b38a4190
SSDEEP

196608:ZYPRWWv9RZ24NTx9Pe20/zkOiu1f+79YRCk:ZYPRWUjQGdCzkOiaf+JYRC

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
3068	cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe
3068	cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3068	cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe

C:\Users\Admin\AppData\Local\Temp\cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe
"C:\Users\Admin\AppData\Local\Temp\cbe9926defc3203b2f589905bb31ac68d5e15c3a93cb042ccc1054ced8886552.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
656967e5f665d9f19fb32bc27d3784fd

SHA1
8679114b745f11caec11109501fde163f5fc5ac6

SHA256
41811cddb41926c7741a3cf91514eacac88b86daffe24aa2056ebf2948ba3de4

SHA512
488dcb1a3137ac669982d6fa2a9e0ad7661a5551eae43948a02f962bcb178ac541cec29388f70d74ed14ca1474d39af676fbf3049f6f81624358bfbd1a157a60

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
19af707a0554069d4153094f7cc83b4d

SHA1
d2189823054aac90052fceb04d057a517908ce4b

SHA256
8e0479c08efc92943db8e40247dc3fc1f3302086de9e6f83d81579da6e2894c7

SHA512
386f1e6e82f562f98c034ab57e93258196060a8d20c60faa2802abb495eece21bf0bed8386377c1aad4f8ae890b05f8db53c4a1e8ad7bfbdcfbb2b0c64620fde

Download Submit