Overview

overview

7

Static

static

3

3877cb4709...3b.exe

windows7-x64

7

3877cb4709...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3877cb470962772f623b933bbe1a5fcb454a4357034a6b412e60aaca8c22f03b.exe

  • Size

    2.7MB

  • MD5

    04a4c8acc7f3c845e0e0dd81d0283ff3

  • SHA1

    c7fe2fc1a51583fb7b2825506f7407d38ff44e06

  • SHA256

    3877cb470962772f623b933bbe1a5fcb454a4357034a6b412e60aaca8c22f03b

  • SHA512

    c6243d37c61c1f28d42d06792622e2e646aa364cf9cfc34a93efdc48b621d4e0d5526fbaec2c81a8fd60706aa49f2cc1912e341eefbcb1c315e86eb65aeaf6eb

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSps4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3877cb470962772f623b933bbe1a5fcb454a4357034a6b412e60aaca8c22f03b.exe
    "C:\Users\Admin\AppData\Local\Temp\3877cb470962772f623b933bbe1a5fcb454a4357034a6b412e60aaca8c22f03b.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:700
    • C:\IntelprocFU\devoptiec.exe
      C:\IntelprocFU\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4072

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\IntelprocFU\devoptiec.exe
    Filesize

    2.7MB

    MD5

    c0d629e2b4520fbe58195706b33825a1

    SHA1

    3a2628f100c7ced8bfac5d83a4966c69b858778c

    SHA256

    9dd5b2a2b4f8f7ebffb5aea9c1dc6d487f688d8204cf864d9ef45cf0a1a7e5ff

    SHA512

    11a47dc2221b38f24d5700ca415ca5dedb19e4fa2f19f4e6ef9255473d8d495899636e008016a57f3683ed2d435f4a765979b675d8cdc807074f70262db72be2

    Download Submit

  • C:\LabZ36\dobdevec.exe
    Filesize

    2.7MB

    MD5

    435f0413136c1c99f8aacc5e72dd5ace

    SHA1

    8e19f53c5bdc69a3325af1f36ba9df12c027785b

    SHA256

    4003b6a0768922fa6a5f3baafd57025a79cfff7cf0aa60551c22c0cada4309ee

    SHA512

    78d1c82a26b84e3da5d5e4fd57e6d8717b04bcf1be292a00feacef1506d81187152d5a99314ece920f0aa4ab3580628f0c832e432c9fce6cfe04e26494db073b

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    208B

    MD5

    9687859568ef6420f3b21638b702f25a

    SHA1

    3477bd7e1430f2cbcf1bdec2206ac56243c337b7

    SHA256

    f47b65946298dfe37ea02e6b76aacf9897ab5a3cf9e0f723ea8e8db05161e4d9

    SHA512

    7be7f295329c06b529590ddad89e1af78e3c0d643ba7e107b56fe7edfe23f8a64c2a5f24d542ca745cb1b45aad4347e83af91c83400feb63b3982d0f2ca348d0

    Download Submit