Overview

overview

7

Static

static

3

8c078c3531...15.exe

windows7-x64

7

8c078c3531...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 00:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c078c353104ab83aa9c8cedf3caf9a2cf49f79f890d501c86b28e11f4953d15.exe

  • Size

    2.7MB

  • MD5

    ce02e85d85e8cdaed746b5c810e7073c

  • SHA1

    cef6dc67c283e758839a3b1636e5e57f751483d9

  • SHA256

    8c078c353104ab83aa9c8cedf3caf9a2cf49f79f890d501c86b28e11f4953d15

  • SHA512

    a7bd705180dba51cd3cba68c0eb32e8741cdf2670f2c7a2c9c8761d429bd7017f240c86ad65fc600a11387b300d6b49850331cf148ed250c16553127fb9bd9ab

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpH4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c078c353104ab83aa9c8cedf3caf9a2cf49f79f890d501c86b28e11f4953d15.exe
    "C:\Users\Admin\AppData\Local\Temp\8c078c353104ab83aa9c8cedf3caf9a2cf49f79f890d501c86b28e11f4953d15.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\UserDotAB\devoptisys.exe
      C:\UserDotAB\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZ9Z\dobdevloc.exe
    Filesize

    10KB

    MD5

    9eab0c1a3386161c00b00c7827ad6851

    SHA1

    5d72bdde39dfbe7783f852e96e43d970be29c16c

    SHA256

    a72c348f8dd1ef4300129a7323fc39326c5877576eb369cb624d2788e50d2297

    SHA512

    abd28967aaaf51cd78745524bd2f8c0f779bab075b559e283149cefd7ad8a26ec318c35073ba81030aa7644e5b8513a418db60a79ef345941a5908ce92f7835a

    Download Submit

  • C:\UserDotAB\devoptisys.exe
    Filesize

    2.7MB

    MD5

    d6f2438525c853fbfacd9a1389c95908

    SHA1

    b8dec4d9d1fbdb5e322b9a187e99f421e1cf79ab

    SHA256

    9f71ff709076002a7d37871af70218fa00b8dfba15da2b13d4091953b20ddd8b

    SHA512

    e588607f4cb797c86ca164ada4805a3d3985c6f4b30ab99dfb41fa858f73baed07320e874937df3059a1cacbd685a176396fa4336275e2e4d0c56ce209ed181c

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    207B

    MD5

    07b3eb07d59d2d28b57d3f3ee44d6714

    SHA1

    c502136a9956ca9e4170c9df412c26c3589bbf87

    SHA256

    200a83ced07a2e3021e96b77be007b6d0de60d7831b4cc00bd7a83cd7907cbb4

    SHA512

    1786a0acb22cc5fe51816fa6f4a28ffc301a2f40a23f597c57dc08ced74459ed2f1dd4b1f7d1e8d4ed44e3217c542b9fed559c5bd38596c3f97d59d790a33e86

    Download Submit