Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-05-2024 02:19

General

  • Target
    08c03a107e01abe2e51a294473af5a9dc6a92badb0c28f224ded0b47076269ee.exe
  • Size
    2.7MB
  • MD5
    0e7bce639bd393d4a617ecc9aca895eb
  • SHA1
    4982239b2e18dd4587905436cd0e14770ca2c0c7
  • SHA256
    08c03a107e01abe2e51a294473af5a9dc6a92badb0c28f224ded0b47076269ee
  • SHA512
    10eeda7c7a19ad7c5a6150d02c7d2c520b820fa0e4aeccaaaf8394e9ad1d7fab54b5c8c5422672d3c760fba9b1beca8b40185b5b932730cf33dee072a12826d3
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpP4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08c03a107e01abe2e51a294473af5a9dc6a92badb0c28f224ded0b47076269ee.exe
    "C:\Users\Admin\AppData\Local\Temp\08c03a107e01abe2e51a294473af5a9dc6a92badb0c28f224ded0b47076269ee.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3604
    • C:\FilesML\devoptiloc.exe
      C:\FilesML\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4628

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\FilesML\devoptiloc.exe
    Filesize
    2.7MB
    MD5
    2d7f0e48ffcfcc167e025bee6ba0c8f0
    SHA1
    ba017de7da439349e3dac73035728ff18975c0ef
    SHA256
    7863681df16f6165344b4572272eed4b88f7cfe4bbd45f9d45ad1779fe7b37be
    SHA512
    59b481566d7032b17776d8951dfbf9f8733c092005277b0731b7b8fc631b19f059e885d1852f3ae318e022133468fb20b4bf06a23be2788beb6223aedf4c5915

  • C:\GalaxRF\boddevec.exe
    Filesize
    2.7MB
    MD5
    1566af83306befc481fb42e51ab33702
    SHA1
    32503550543b9b3d22b53581c852bb12f019a3d3
    SHA256
    8fad91f6d98b0cb79bb84289126edd3216c01202b0d31395c1bdafee6175f657
    SHA512
    f572baefc4b5bd08ef492c4f19e8eb03337a8f438f906363571636ac1ad8df4bcbf5676d551ec179c0e49bc5ee2c40f8691c52389657d745075539746b4d3226

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize
    208B
    MD5
    2f187e0abe8e0d53941d474fee563271
    SHA1
    d673ba66e95736d03c2f76d2726311489502c925
    SHA256
    4823d8620954156c6d8b2ac507f2b8e9ac5ff7efa40405f9877b17cc9e6b7dd7
    SHA512
    072c5f9a46b33467c3e6339f5356cd4170ca92e5b8b8c17472b4bf1e6a17518bc31f1ddb85c88c335527526c61b76e19ab7e2ff3e1027792c6345a2d1854e0da