adec0f0f3c2c0e8aae56d1d34a4a6d87f84953fce1c9b93ef8f2ae407779182e

Analysis

max time kernel
122s
max time network
103s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adec0f0f3c2c0e8aae56d1d34a4a6d87f84953fce1c9b93ef8f2ae407779182e.exe
Size

8.9MB
MD5

eddffc7330dccbc25a225582a9a4be6d
SHA1

64b0fe00b896a0acdaa399b5ee2036a4230ccb6d
SHA256

adec0f0f3c2c0e8aae56d1d34a4a6d87f84953fce1c9b93ef8f2ae407779182e
SHA512

11dcb26ace057a5e1f6ab819310841bce09039766d361829c4454de73e8373a4b62632312ed9e18c55216b70baf17f56d5b4b4d64100cb7357318574ebd68981
SSDEEP

196608:ZYPRWWv9RZ24NTx9Pe20/zkOiu1f+79YRCk:ZYPRWUjQGdCzkOiaf+JYRC

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
3044	adec0f0f3c2c0e8aae56d1d34a4a6d87f84953fce1c9b93ef8f2ae407779182e.exe
3044	adec0f0f3c2c0e8aae56d1d34a4a6d87f84953fce1c9b93ef8f2ae407779182e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adec0f0f3c2c0e8aae56d1d34a4a6d87f84953fce1c9b93ef8f2ae407779182e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3044	adec0f0f3c2c0e8aae56d1d34a4a6d87f84953fce1c9b93ef8f2ae407779182e.exe

C:\Users\Admin\AppData\Local\Temp\adec0f0f3c2c0e8aae56d1d34a4a6d87f84953fce1c9b93ef8f2ae407779182e.exe
"C:\Users\Admin\AppData\Local\Temp\adec0f0f3c2c0e8aae56d1d34a4a6d87f84953fce1c9b93ef8f2ae407779182e.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CabF3E3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
78be480711e1b2fbf576c2f61dc9460a

SHA1
aae476de3f067a2c28823fa4b45a84cab767f5dc

SHA256
874f8be80ee44d36827f3b9ce5011a49d8be48203d11775ec1fde4d95c777fb1

SHA512
f83d0119f75da9d5a72b3608c33a434fedf454c12aa37e896bfaf1965828e7cf3ef5195894d647f5e7ff17b5c4ba6e3fa07d73eca9ea30bde42a6310e7e1eda4

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
ececec230527c83b27d77174c215f7ef

SHA1
1a2bb9f02e16f8a61ec6522de5676c8444fb9e6d

SHA256
5c70282606ae7f8ea42c72b97248908b319a3ea79db48b466a2448317577a610

SHA512
f1e52c957fa9d20c7fd9381baa0a999aba952c3a71bf1ea05298a8803892ce2214e455311c8a97e4bb56866ba48148b37b65b1a09a09b6e492fbcbe1a3bc07e1

Download Submit