Overview

overview

7

Static

static

3

d467fc1822...ea.exe

windows7-x64

7

d467fc1822...ea.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d467fc1822c332b85f6187531434ea91f4b84d5fd50d25b42b3adcf1a954a5ea.exe

  • Size

    2.7MB

  • MD5

    70943ee260ee8837d0e79c43c41e060f

  • SHA1

    20de89048527f4742f1ef0605bfbcc19999a8e4b

  • SHA256

    d467fc1822c332b85f6187531434ea91f4b84d5fd50d25b42b3adcf1a954a5ea

  • SHA512

    6ead323f1b0f238cd4065915836e5207d715ea2b81ba174f9281b83230409a9c9de43e0ce39009cc7b2944cee83bb8a670191dd9214ea6df2264a3adf72adf18

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSpk4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d467fc1822c332b85f6187531434ea91f4b84d5fd50d25b42b3adcf1a954a5ea.exe
    "C:\Users\Admin\AppData\Local\Temp\d467fc1822c332b85f6187531434ea91f4b84d5fd50d25b42b3adcf1a954a5ea.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\FilesNH\devdobsys.exe
      C:\FilesNH\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxW4\optidevsys.exe
    Filesize

    2.7MB

    MD5

    a2b54aed6baeccd6f1f6e1d5a0f0e07d

    SHA1

    b5830fa3694b71f8ad2bcabf257cff3e25f77153

    SHA256

    beac6aa76d06f8df309719170544c593116eae910c4fc0479a0c99317cf719d8

    SHA512

    45f8870c6f140e44d24a51e165d29ae82df9effc5c5961dd7059193a2167ade6388082f6b46d3efafdbc73797006686da85a7764b821aa35895e49db8a9d2060

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    207B

    MD5

    9ea586746e5565ed948b53ff05860f9c

    SHA1

    472482f1f7dc5df75e7e144cba769d9e05d8df26

    SHA256

    9ee1a57c07de62b1ed0c86b76e06e816f30e61bdee1505fa6fd534a0f316a75c

    SHA512

    c9677201acda7ff1ab9785184a151b9e52ffbd51959a489787c4ec566c991a20a5f15af7b2768390b65fbe6a25a099b367f672158c83935b2ca62090d59f3672

    Download Submit

  • \FilesNH\devdobsys.exe
    Filesize

    2.7MB

    MD5

    c7a8d157ee2e176f67b8760ad8bb58a9

    SHA1

    ed946c714ca0c8d7255accd3f5d72150c3b9f8ea

    SHA256

    49885dd8bd884af0bf4d165de43557cfcf27bcd04fdaae50cf51cc3ea1620548

    SHA512

    4b4bf994f9593e4a0fa2878d904b45b0e34c0690f640cbc3f7ef0728c6c8f8f2df3ae4d4e47405d26ce5c05de61b52b6ca30c3d9b99a31661a3c675ed9cb8d2b

    Download Submit