0f8bd5faa281caeaa45233854bee3d98e3d1cb18e94eb6876731dc02e81b45c4

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f8bd5faa281caeaa45233854bee3d98e3d1cb18e94eb6876731dc02e81b45c4.exe
Size

7.9MB
MD5

9383352c0700fcadb02226780f59d0b4
SHA1

c3fcf708f947a1d0860cb0b708fc760cd0c82159
SHA256

0f8bd5faa281caeaa45233854bee3d98e3d1cb18e94eb6876731dc02e81b45c4
SHA512

60a108566d56ea334d8c97d325bc56f12f32ae2cd0b1627be918629622969ac829ec873fe1eeea86febe99790d1ceb5fda954f3b9ee01a941deeb85e062672a1
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2696	0f8bd5faa281caeaa45233854bee3d98e3d1cb18e94eb6876731dc02e81b45c4.exe
2696	0f8bd5faa281caeaa45233854bee3d98e3d1cb18e94eb6876731dc02e81b45c4.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0f8bd5faa281caeaa45233854bee3d98e3d1cb18e94eb6876731dc02e81b45c4.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2696	0f8bd5faa281caeaa45233854bee3d98e3d1cb18e94eb6876731dc02e81b45c4.exe

C:\Users\Admin\AppData\Local\Temp\0f8bd5faa281caeaa45233854bee3d98e3d1cb18e94eb6876731dc02e81b45c4.exe
"C:\Users\Admin\AppData\Local\Temp\0f8bd5faa281caeaa45233854bee3d98e3d1cb18e94eb6876731dc02e81b45c4.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
7KB

MD5
7446cca6b6cd414496036520ad968025

SHA1
48a1ef228c05a17530e7e3ced8f2a4f17f72f31f

SHA256
4115bce4182b2169dda89a680be7086d50d7fcfb987e82392db7b6a6d3348631

SHA512
a9230a524b2adc172bfb310f99feab0489fc8c0dbb877868a391342de9138b87945578078a5eac8d075ecf7c548fcdb85a3a7eb6bdbef83ec89a6d2684314e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
297dd3c6621aaa9c109a61fe8d5b00f4

SHA1
bc4d9d8b50d059dc362c1a31a594f1f40f568952

SHA256
24cf4085aedb5643ef5a78f0bb138fbe5b88e30abece313451fe30d118eca45a

SHA512
6b3ea51a154f8f828de0f3331bca5d35b4fef8274c9a6a2e89ba67eae2a8ed20826a57a15a9cb7d9cfdceae506932f74367d14b4e65009d2eb92749534e477e2

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
cfa879d44f5d7536d72c8c0540e5aabf

SHA1
51ea432dfbe97179570dddf091b11d64cb34c13f

SHA256
f925e20c7a748925ac43b2adf0bf763db611064df4dfb73b6b95a08293ce27b9

SHA512
c90a288bb3580caaa2c13a1e9ad3f7b949af4d07ceab94cb665a4008a12c4cf63ad41e6a4947257357f8eb971f3d46a4e878af1db3a232cfd8805e940bec57ea

Download Submit