Malware Analysis Report

2025-08-05 14:36

Sample ID 250702-x4wfyagj8z
Target 3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb
SHA256 3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb
Tags
discovery
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb

Threat Level: Likely malicious

The file 3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb was found to be: Likely malicious.

The score rests on four generic behaviours (unsigned PE, download of a PE, query of the NLS language key, SetWindowsHookEx) that legitimate installers also commonly exhibit. The artifacts recorded below (lite_installer.log, %APPDATA%\Yandex\ui, traffic to api.browser.yandex.net and download.cdn.yandex.net) are consistent with a Yandex browser "lite installer". The downloaded PE itself is not listed under Files, so its origin and Authenticode signature should be checked before acting on this verdict.

Malicious Activity Summary

discovery

Downloads MZ/PE file

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Enterprise Matrix V16

Discovery (TA0007): System Location Discovery: System Language Discovery (T1614.001)

Analysis: static1

Detonation Overview

Reported

2025-07-02 19:25

Signatures

Unsigned PE

Description: N/A
Indicator: N/A
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-02 19:24

Reported

2025-07-02 19:27

Platform

win10v2004-20250619-en

Max time kernel

106s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe"

Signatures

Downloads MZ/PE file

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe
Target: N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe
Target: N/A
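The signature above records only that the key was opened. The script below, an added example that is not part of the original report or of the sandbox's own code, shows how the same behaviour can be hunted in API-trace telemetry: it matches the NLS\Language key under any control set and hive prefix, also catches the Win32 APIs that return the language without touching the registry, and flags the event only when the image runs from a user-writable directory. The trace lines, the directory list and the process IDs are constructed; only the key and process path in the first record come from the report. Note that Sysmon does not log registry reads, so this logic targets API traces or object-access (4663) style events, not Sysmon 12/13.

```python
"""Hunt for System Language Discovery (ATT&CK T1614.001) in an API trace.

Added example, not part of the original report.  Sandboxes and EDRs that
hook the Win32 API record which registry key a process opened; Sysmon
does not log registry reads, so this logic targets API-trace or
object-access style telemetry.  The trace lines below are constructed
to mimic such output; only the key and process path in the first
record are taken from the report.
"""
import re

# The NLS language key under any control set and any hive prefix style.
LANG_KEY_RE = re.compile(
    r"^\\?(?:REGISTRY\\MACHINE|HKLM|HKEY_LOCAL_MACHINE)"
    r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Control\\NLS\\Language(?:\\.*)?$",
    re.IGNORECASE,
)

# Win32 APIs that return the same information without opening the key.
LANG_APIS = {
    "GetUserDefaultUILanguage", "GetSystemDefaultUILanguage",
    "GetUserDefaultLangID", "GetSystemDefaultLangID",
    "GetUserDefaultLCID", "GetKeyboardLayoutList",
}

# Assumption: binaries running from these directories were dropped or
# downloaded, so language discovery from them is worth an alert.
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
    "\\downloads\\", "\\users\\public\\",
)

SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe")

# Constructed trace, one key=value event per line (values contain no spaces).
SAMPLE_TRACE = f"""\
ts=2025-07-02T19:25:01 pid=4120 image={SAMPLE} api=RegOpenKeyExW arg=\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language
ts=2025-07-02T19:25:01 pid=4120 image={SAMPLE} api=RegOpenKeyExW arg=\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Cryptography
ts=2025-07-02T19:25:02 pid=1188 image=C:\\Windows\\explorer.exe api=RegOpenKeyExW arg=HKLM\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Language
ts=2025-07-02T19:25:03 pid=5016 image=C:\\Users\\Admin\\Downloads\\setup.exe api=GetUserDefaultUILanguage arg=
"""


def parse_trace(text):
    """Parse key=value trace lines; drops lines missing pid/image/api."""
    events = []
    for line in text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if all(k in fields for k in ("pid", "image", "api")):
            fields.setdefault("arg", "")
            events.append(fields)
    return events


def is_language_discovery(event):
    """True if the event reads the system/user language via registry or API."""
    if event["api"] in LANG_APIS:
        return True
    return (event["api"].startswith(("RegOpenKey", "RegQueryValue", "NtOpenKey"))
            and LANG_KEY_RE.match(event["arg"]) is not None)


def from_user_writable(image):
    """True if the image path lies under a directory a user can write to."""
    low = image.lower()
    return any(d in low for d in USER_WRITABLE_DIRS)


def hunt(text):
    """One finding per (pid, image) doing language discovery; 'suspicious' is
    set only for images under user-writable paths, system binaries stay info."""
    findings = {}
    for ev in parse_trace(text):
        if not is_language_discovery(ev):
            continue
        key = (ev["pid"], ev["image"])
        f = findings.setdefault(key, {
            "pid": ev["pid"], "image": ev["image"], "evidence": [],
            "suspicious": from_user_writable(ev["image"]),
        })
        f["evidence"].append(ev["api"] + (" " + ev["arg"] if ev["arg"] else ""))
    return list(findings.values())


if __name__ == "__main__":
    for f in hunt(SAMPLE_TRACE):
        tag = "FLAG" if f["suspicious"] else "info"
        print(tag, f["image"], f["evidence"])
```

Run stand-alone it flags the Temp-resident sample and the Downloads binary, and lists explorer.exe as informational only. Tune USER_WRITABLE_DIRS and the API set to your telemetry; the regex deliberately accepts CurrentControlSet as well as ControlSetNNN because both spellings appear in real traces.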

Suspicious use of SetWindowsHookEx

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe

"C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 download.cdn.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 37.9.64.225:443 download.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 cloudcdn-fra-01.cdn.yandex.net udp
DE 5.45.200.107:443 cloudcdn-fra-01.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
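The table above repeats endpoints and mixes DNS lookups with the connections that followed them. The script below, an added example that is not part of the original report, parses that table (pasted in verbatim as a string so it runs offline) into de-duplicated indicators: resolved domains, contacted endpoints with connection counts, domains that were resolved but never contacted, and cleartext connections. Treating 8.8.8.8 as the sandbox's resolver and ports 80/8080 as cleartext are assumptions, not facts from the report.

```python
"""Turn a sandbox report's Network table into de-duplicated indicators.

Added example, not part of the original report.  NETWORK_TABLE is the
report's own Network section pasted into a string so the script runs
offline; which address is the resolver and which ports count as
cleartext are assumptions noted below.
"""
from collections import defaultdict

NETWORK_TABLE = """\
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 download.cdn.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 37.9.64.225:443 download.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 cloudcdn-fra-01.cdn.yandex.net udp
DE 5.45.200.107:443 cloudcdn-fra-01.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
"""

# Assumption: 8.8.8.8 is the sandbox's DNS forwarder, so UDP/53 rows show
# what the sample resolved, not where it connected.
RESOLVERS = {"8.8.8.8"}
# Assumption: traffic to these ports is unencrypted and worth a look.
CLEARTEXT_PORTS = {80, 8080}


def parse_rows(text):
    """Parse 'Country ip:port domain proto' rows; skips headers and blanks."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or ":" not in parts[1]:
            continue
        country, dest, domain, proto = parts
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def summarize(text):
    """Split rows into DNS lookups and real endpoints, de-duplicate them, and
    surface domains that were resolved but never contacted."""
    rows = parse_rows(text)
    queried = set()
    endpoints = defaultdict(lambda: {"targets": set(), "connections": 0,
                                     "countries": set()})
    for r in rows:
        if r["port"] == 53 and r["ip"] in RESOLVERS:
            queried.add(r["domain"])
            continue
        e = endpoints[r["domain"]]
        e["targets"].add(f"{r['ip']}:{r['port']}/{r['proto']}")
        e["connections"] += 1
        e["countries"].add(r["country"])
    return {
        "queried_domains": sorted(queried),
        "endpoints": {d: {"targets": sorted(e["targets"]),
                          "connections": e["connections"],
                          "countries": sorted(e["countries"])}
                      for d, e in endpoints.items()},
        "queried_only": sorted(queried - set(endpoints)),
        "cleartext": sorted({f"{r['ip']}:{r['port']} {r['domain']}"
                             for r in rows if r["port"] in CLEARTEXT_PORTS}),
        "ips": sorted({r["ip"] for r in rows if r["ip"] not in RESOLVERS}),
    }


if __name__ == "__main__":
    s = summarize(NETWORK_TABLE)
    for domain, e in s["endpoints"].items():
        print(f"{domain}: {e['connections']} connection(s) -> {', '.join(e['targets'])}")
    print("resolved but never contacted:", s["queried_only"])
    print("cleartext:", s["cleartext"])
```

On this table the script reduces nineteen rows to five endpoints, reports api.browser.yandex.ru as resolved but never contacted, and isolates the single port-80 connection to c.pki.goog. That last one is Google Trust Services' certificate/CRL host, which Windows fetches over plain HTTP during chain building, so cleartext here is expected rather than a sign of C2; tse1.mm.bing.net is likewise worth comparing against a clean-VM baseline before treating it as sample-driven.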

Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 9c532044bc00af45e40d04833ef4aec8
SHA1 19286a5fefa8272677c87ab0253864c56c26ee77
SHA256 86849e4117cc96fec8d3954a81889637c0b846e71ea19b6f7f42a31d3ebfce97
SHA512 45b0e06c0215433b44c1676891452ee692b5e70384f00541a9c658706422fee4185589f9cb2abdd2e8d37878ceb097c19e519a056772bb08c1c8de828c1af5a0

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 bcca0afcc2940a8b8d16ca95ca16eb1c
SHA1 a40c39e289e51693ed19f9584b1eb7c044852743
SHA256 8b124ed39c790eb7ff43b086245412ebf29945e3460fbd8d9c19801b7ba58c91
SHA512 3bbb1356720057f5a7b79e9b95e203ad1b5cdc2bd50c2f706dce26cbc7d2c246b74e876ff5e7abf2b1c485f90387618209cdee5977471be70c89b9a1130063dd

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 27df2185e47bf463168ac207ec92ce18
SHA1 6d67963a5287be35c534699c5c9ea0c86c71882b
SHA256 e84daf7b6d347469aa9c7c884bcc7ffd437c96ff33a4abb60ab1e109c132a4db
SHA512 761bf715dd0035843de4ab8456083225f83d1af257ccd931cfdbb91aaa7726254a8a56e8a0be4f65fcfdd09070cf22139555c64bbda6a1c127c7b466070d58f8