Overview

overview

7

Static

static

3

AUGUST ODER.exe

windows7-x64

7

AUGUST ODER.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2023, 06:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    AUGUST ODER.exe

  • Size

    310KB

  • MD5

    e76a64c4d5b2e65dcdde22d47f0c6cfc

  • SHA1

    7443d7ea37eb5992a264a9dbb4bcb4b81df1e0f4

  • SHA256

    b6b2b89e880bddb6817fc3da22e4cf9a0e6f823667f8d3eb5de2e8943f745405

  • SHA512

    50691f99c28a9bc23bbe7b8e931d1bcd71ae95b42816f71dbe8aaf74cce70cd51752a5c39e1ced5091842b2c43d6ab1d35d5fa3964f3141eb5a9e6d0708af025

  • SSDEEP

    6144:/Ya6GGI+f+dvDN116rfEQk/f5tko1oPii2g5GI3/j9uQe4nVLUMwURfoikN:/YIGI/16LqtaKi2g5GIvj9uanVLPrRZQ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 62 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AUGUST ODER.exe
    "C:\Users\Admin\AppData\Local\Temp\AUGUST ODER.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Users\Admin\AppData\Local\Temp\AUGUST ODER.exe
      "C:\Users\Admin\AppData\Local\Temp\AUGUST ODER.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4524

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsd8DCB.tmp\lrjld.dll
          Filesize

          86KB

          MD5

          c0fb0873781ac6f51a3bb865461f6dcf

          SHA1

          65ebea7373197e2fcb0100ff9552430b997bcf31

          SHA256

          a6127d83f52f428744402cf160969ee71ded617fadaa13a15c9d1c62e372963a

          SHA512

          bdd09ea9b0d7eb07f47bda8c61ba917eb483eba29c3bc907b108d1e416ea49e0f8a5f9fa31391646ae8670ce632a52d63bff11b44ad669009605c6f320c0a953

          Download Submit

        • memory/1620-139-0x0000000002430000-0x0000000002432000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4524-140-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4524-141-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4524-142-0x0000000000A40000-0x0000000000D8A000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/4524-143-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download