6e90cb395826e61fe44dbad345b9e49b92ff2acda5766e1f360dab0df8649d9f

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e90cb395826e61fe44dbad345b9e49b92ff2acda5766e1f360dab0df8649d9f.exe
Size

7.9MB
MD5

e8602f2cf9b83cacacf4f8e11d364ac7
SHA1

c7efffc95747eec45b53f20091d4f3ef14e82fc5
SHA256

6e90cb395826e61fe44dbad345b9e49b92ff2acda5766e1f360dab0df8649d9f
SHA512

9335fa0e93d546aab2aa7296cf4249a7ba17d9df4eb455205775cf6f486f8470fe9e2a375b5a176b849414dc6367895f4e2e60b0f97c1b96c605107719b39c4e
SSDEEP

98304:Xg49ZaYwsmJdj9PfPHRCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iafD:XgP34NTx9Pe20/zkOiu1f+79YRck

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2112	6e90cb395826e61fe44dbad345b9e49b92ff2acda5766e1f360dab0df8649d9f.exe
2112	6e90cb395826e61fe44dbad345b9e49b92ff2acda5766e1f360dab0df8649d9f.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e90cb395826e61fe44dbad345b9e49b92ff2acda5766e1f360dab0df8649d9f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2112	6e90cb395826e61fe44dbad345b9e49b92ff2acda5766e1f360dab0df8649d9f.exe

C:\Users\Admin\AppData\Local\Temp\6e90cb395826e61fe44dbad345b9e49b92ff2acda5766e1f360dab0df8649d9f.exe
"C:\Users\Admin\AppData\Local\Temp\6e90cb395826e61fe44dbad345b9e49b92ff2acda5766e1f360dab0df8649d9f.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
6KB

MD5
f7d7f89ac3cb3c9ca0dc3ebac628c0c5

SHA1
751c6c22d2c651d8328a2d4f85d7e1e208621c98

SHA256
b17fbbad0f84117b14c69970eadb626eac3368fad56a4ac1d74d5bcddcdcef42

SHA512
895fad07c6f7191ec9e5b56f70ae64f75c18151f8f3d7167365bc4c8239435b139090ac8b957bfdf06ebe829a8d42cc21cd1297174fff69efae828d3dc3c8723

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
7c267a640d396d2a854ad2d4b01e515a

SHA1
c4a4698820154d11ab715efa060c810284a89c60

SHA256
0207dbd692218e653238283b8e924639c4e3f1d8c60b12b92f9b4ec7f2be3fd7

SHA512
74304392316c535be466d6efbccc77360978bb1db211520a1ad1ae9f51eb8a4853662ee407d904c32ca13ac07e34b7644caf8a25b1bc3852e09f8885d6d33b9d

Download Submit