70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe
Size

8.9MB
MD5

ffaffd5e5b02901863a2de489edb167d
SHA1

728420f4950c2383a6b257a0bd4d578ae664e203
SHA256

70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec
SHA512

7cb0290e9690106600566c8358d6b12e50f8cd4409cd5801e674e9994f7ddb995a06690f4507cd5ff0a3095f75f663c22ad7dfe428a7a4b0e1e3f32ca492a11e
SSDEEP

196608:ZYPRWWv9RZ24NTx9Pe20/zkOiu1f+79YRCk:ZYPRWUjQGdCzkOiaf+JYRC

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

Processes:

70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe

pid	process
2872	70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe
2872	70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe

pid process

2872 70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe

C:\Users\Admin\AppData\Local\Temp\70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe
"C:\Users\Admin\AppData\Local\Temp\70997d3b29335f157e016d009ba9da2a9f5dc0b9e1808673cdecacba84da69ec.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
2KB

MD5
8bade476eb9f2c8df0c066c26e122879

SHA1
39b36374efc587bf30ebee24b3901b65c1f649a5

SHA256
fcbacd399c6246af362cc218d50a494e0eb7780fde2b894b3b8afa3290557f9f

SHA512
525cd4b776bcdc297907245851bf49dae3583bde1a4ec75c511a893db1002cad3916cd3618ff808f33de60109bc11f2cfd872f95b5b05fd7183f23a1a77b0279

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
10f3ca1f3d15b31486b8648f05a4dc89

SHA1
05f791816d07a84de241cf5259c57a3bed28a777

SHA256
3ed2def26644f896e807277e0f991813daf398c94c798ff7d85a188cb954fb63

SHA512
1b249b38ad77c070439e066a450c92fa0ee16de799d3ffd794f6f3f1153ff0457c81975db8538db0d7a1fc35bd136e3018203d3678f8d0efacffc13f6a19aefc

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
47ae61f36cf262ac18e9c1cc356e9473

SHA1
23e57a7f35f51af065da55693b9f9bbee4c15189

SHA256
322b9fc4352728b26e7fca818ed6db30e160af0bcfb158bc51a8578e88abe3f2

SHA512
a81f94963eaf4671d00154af232635162bb5f7691f0a08d749149665de70992658df5c5e30908a28837796688ae64ccbc9ceecf36d2fbf3ef3755f2403ac000e

Download Submit