Analysis Overview
SHA256
3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb
Threat Level: Likely malicious
The file 3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-02 19:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-02 19:24
Reported
2025-07-02 19:27
Platform
win10v2004-20250619-en
Max time kernel
106s
Max time network
144s
Command Line
Signatures
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe
"C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 37.9.64.225:443 | download.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | cloudcdn-fra-01.cdn.yandex.net | udp |
| DE | 5.45.200.107:443 | cloudcdn-fra-01.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | 9c532044bc00af45e40d04833ef4aec8 |
| SHA1 | 19286a5fefa8272677c87ab0253864c56c26ee77 |
| SHA256 | 86849e4117cc96fec8d3954a81889637c0b846e71ea19b6f7f42a31d3ebfce97 |
| SHA512 | 45b0e06c0215433b44c1676891452ee692b5e70384f00541a9c658706422fee4185589f9cb2abdd2e8d37878ceb097c19e519a056772bb08c1c8de828c1af5a0 |
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| MD5 | bcca0afcc2940a8b8d16ca95ca16eb1c |
| SHA1 | a40c39e289e51693ed19f9584b1eb7c044852743 |
| SHA256 | 8b124ed39c790eb7ff43b086245412ebf29945e3460fbd8d9c19801b7ba58c91 |
| SHA512 | 3bbb1356720057f5a7b79e9b95e203ad1b5cdc2bd50c2f706dce26cbc7d2c246b74e876ff5e7abf2b1c485f90387618209cdee5977471be70c89b9a1130063dd |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| MD5 | 27df2185e47bf463168ac207ec92ce18 |
| SHA1 | 6d67963a5287be35c534699c5c9ea0c86c71882b |
| SHA256 | e84daf7b6d347469aa9c7c884bcc7ffd437c96ff33a4abb60ab1e109c132a4db |
| SHA512 | 761bf715dd0035843de4ab8456083225f83d1af257ccd931cfdbb91aaa7726254a8a56e8a0be4f65fcfdd09070cf22139555c64bbda6a1c127c7b466070d58f8 |