Overview

overview

7

Static

static

3

09421bc642...0e.exe

windows7-x64

7

09421bc642...0e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    11-06-2024 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09421bc6429c5804e1948ae9dc4c45b2583975164583e08f2b968106f0ef6b0e.exe

  • Size

    4.1MB

  • MD5

    9af8cd06eda45dda6af626f5e1bb4876

  • SHA1

    8041d152ebf87ac6047a43aad9740b20c10c907b

  • SHA256

    09421bc6429c5804e1948ae9dc4c45b2583975164583e08f2b968106f0ef6b0e

  • SHA512

    95e142354b99bc590453cf268d8c56c6df19fe662c3b5d272ee5e42a44678df189c2c51d9e8245762e5c85563454919f6d618aae09f8ee3b42e4c1ed9508718c

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpw4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmj5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09421bc6429c5804e1948ae9dc4c45b2583975164583e08f2b968106f0ef6b0e.exe
    "C:\Users\Admin\AppData\Local\Temp\09421bc6429c5804e1948ae9dc4c45b2583975164583e08f2b968106f0ef6b0e.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\AdobeGK\devbodloc.exe
      C:\AdobeGK\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxTK\dobdevloc.exe
    Filesize

    4.1MB

    MD5

    2381435ef9bdeae5ba22dd4b9dd45042

    SHA1

    de3e39e29711cf4fdbdb6c6dac7add7bb8550245

    SHA256

    1deb9549faa4390c644cad38b7f2f42fb7eced4ed9829e4b2707b7c4ca463c59

    SHA512

    7b1da18ddb810278a799f3f55fe9a409fcc056fc85316c0a576c4d46b1abe3cab1fec64cdd29cd275407d475a5b84eb5538d364c63dfe40430c36995c3e13e12

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    2fbce58761e0502dd1e36b729b879aef

    SHA1

    d3d83e38ef334cabf96d949947726ba14f39ede6

    SHA256

    5773fa4be981e843255f5babdc602604381bb7a18d6f5aa3d40a6964016a76ab

    SHA512

    f5021094e6b1bcbed142c24a2ff71e66b6182e132bdc0de0f42d88e359da3e5c6676d5a78ac4e3aa35ec78c60d6d215ab76e53243835add78a1ca3438b0a305b

    Download Submit

  • \AdobeGK\devbodloc.exe
    Filesize

    4.1MB

    MD5

    34da532f9dfba10857d092f35f3af525

    SHA1

    3e740ce766c458aec87673de756ccbf778370712

    SHA256

    17b3068dc2b18369c814595a0c1ad082458d59ce1d38c82d0c9093d7c3f080cf

    SHA512

    f973f521b572395526d1efa8e112966eb506e9fce3cde6355628d6111aa5c488f798ade302896eda54f4dd1b9a3a423e00730d8d0a962e2c5fb416e0c7846440

    Download Submit