2b9e17cf46c47f9813ad98e0a94e166e4d7c845669c5191afb11d68beb493903

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b9e17cf46c47f9813ad98e0a94e166e4d7c845669c5191afb11d68beb493903.exe
Size

8.9MB
MD5

08ee64ba329f000078b629a069befb51
SHA1

d10e67efe23c94fd53951694c2a728c5e7d5cd40
SHA256

2b9e17cf46c47f9813ad98e0a94e166e4d7c845669c5191afb11d68beb493903
SHA512

b16e52dcdf33e769894a048d43fe19c4461520937c7edb2ff8fcfd60968be3acfac4c005c44ea0dbbcdfd09f04e7d90b56b697310ee44d176bb28e9cd62f2437
SSDEEP

196608:ZYPRWWv9RZ24NTx9Pe20/zkOiu1f+79YRCk:ZYPRWUjQGdCzkOiaf+JYRC

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2168	2b9e17cf46c47f9813ad98e0a94e166e4d7c845669c5191afb11d68beb493903.exe
2168	2b9e17cf46c47f9813ad98e0a94e166e4d7c845669c5191afb11d68beb493903.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2b9e17cf46c47f9813ad98e0a94e166e4d7c845669c5191afb11d68beb493903.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2168	2b9e17cf46c47f9813ad98e0a94e166e4d7c845669c5191afb11d68beb493903.exe

C:\Users\Admin\AppData\Local\Temp\2b9e17cf46c47f9813ad98e0a94e166e4d7c845669c5191afb11d68beb493903.exe
"C:\Users\Admin\AppData\Local\Temp\2b9e17cf46c47f9813ad98e0a94e166e4d7c845669c5191afb11d68beb493903.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab896C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
abab1eecccea432b4ced57d69faae84f

SHA1
cfc1fe48a67d04ffb9c4eab52e2975a450ca1330

SHA256
6b5b0819e8abe08d829caa57c0008a7b5d12b5a2f1ba309dc075321d29e8c81e

SHA512
0440892cf66893f02fff5a8e11440844e50c6e3775533127c0d1745cc24d76a4bd94689373a10b9c11902dc67a04a1fe8657a5963a031509b06fb9317d08ec7c

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
068c90671bd7c78b15c90312f836ee75

SHA1
15b7ceffc36a471f9c0a7eefceef8ce4e54241c5

SHA256
39364bc31ca1d0a4820616325d2a51c95c86be55c5a818bad1b1450267c35902

SHA512
2f6b8b7edfc71567e6219b62e7d129abe11ce2d9bf28f87a62d0c2b0f03897550ad3d8b0d3400b9b537eea586a42c76d1cc7d4250d492efbfaf18ea64fb34810

Download Submit