1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe
Size

7.9MB
MD5

8439e6efe0d12a68bc2b390d08800f98
SHA1

b695cadff5219e364f175361aa34cdbd8472eca4
SHA256

1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df
SHA512

2c22d7156cdab893bd77cf46c8beb3d20d0aedc5e68d3aca554ba996e6a1bed296dedb945c8eafd6f899078bbc4cafba908c40c0bba62668206bd63d2821a719
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2808	1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe
2808	1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2808	1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe

C:\Users\Admin\AppData\Local\Temp\1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe
"C:\Users\Admin\AppData\Local\Temp\1fc99a4b309e6fb8f778f1ea6159ec7b92ce1b91700ea93ce25352b3c98551df.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
048b27e419fb36620343a455b8d2312f

SHA1
4a55ace5e445027f77a00c0317b044e3da6f109c

SHA256
c785b149e17209c22b8a727e6c21a5c7f9aad41ca42100ff1be0d0854cc9009b

SHA512
882d2d97d0e09bc7f431282dfd472efe7de6dd072a38da1aaebbbdcdf42e9a44886a3bde82e5efdce3a4f574b225a4706eab0520f2bf609578700aa760b6702c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
df3bd79d2535bb1a27b104f90685baf8

SHA1
e7b3aada9b30840bc843541599bbb859b0cfa492

SHA256
f9ce6684862b4ad0db065fc578ec1d99f7f30eb7ee161e9733409acc1280718b

SHA512
489d26a72deff1e42fcb1def97c267f78cca7a360f314b37843333bcd6ae28001356165512932db8ca20b73dbab4f70757277e1347e59d49bd38ad8456fe312f

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
507eba90d3da75f97a2b3225aaf36797

SHA1
3d0f345ae61cda3bf780638f60c0f5668e131732

SHA256
eb8886104ab3c594d4c9a1147abfc47108041fffbefe33ddfadeff3b9e58a359

SHA512
3cac3b3b99783ce19f7ed768aae85c97556f0da3d11ce6a1bccf96a11f39474afa98e38a3ca730a3aaf4c7a291b1949e73fc08cd3a4406469e12e18e7da876bc

Download Submit