Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/07/2024, 00:57

General

  • Target

    7fd1990afe83c38e8417e7b8da28c3711c8319cd9cfb6b465ef4216d318dfbda.exe

  • Size

    2.6MB

  • MD5

    3b8e40483ade253573b6380c99a452ee

  • SHA1

    e11487608fb18259ff185df7635e6e598a647f36

  • SHA256

    7fd1990afe83c38e8417e7b8da28c3711c8319cd9cfb6b465ef4216d318dfbda

  • SHA512

    fb5eaa2900c0967a3251da898775d03035ef06482d9ae4c779beb10de7f94e66319a61079d107f6573b2975b6b7719a016b4063eab3285f9b54ea4d5e80aab46

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBN9w4S:+R0pI/IQlUoMPdmpSpR4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7fd1990afe83c38e8417e7b8da28c3711c8319cd9cfb6b465ef4216d318dfbda.exe
    "C:\Users\Admin\AppData\Local\Temp\7fd1990afe83c38e8417e7b8da28c3711c8319cd9cfb6b465ef4216d318dfbda.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Files2F\aoptiec.exe
      C:\Files2F\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2584

Network

        Downloads

        • C:\Files2F\aoptiec.exe

          Filesize

          2.6MB

          MD5

          51d5950f5ca6676c4b4dee08b8f436b9

          SHA1

          64beac8cf9540aae440154e6f3df9f3bee953c07

          SHA256

          88f89a850ace6cd871d2e9e027eae546e2af1a61590f131a0f50111f46197f9d

          SHA512

          a999008553e20ce07a2decd6c810ef0b26a55e856fca243de51f44a7da8ad4a97ff37022892f025e91a6d75f4bb0e847c3d036969b7b3469e6ceaa38aa4c81d8

        • C:\GalaxT9\boddevec.exe

          Filesize

          2.6MB

          MD5

          0d8fc7d2cb2e8fed82170611c278eae1

          SHA1

          fd4d83d7c694f8c64f8bd51bd88bf7593ca114fc

          SHA256

          b4cc87855af4911786371109a9b78896fec9f77981aa844233065c44d6a2b239

          SHA512

          e40af46f112792452db27b7cafa30f309a3f99c4d52b698cfe9e867ba8e34bef5d000c3b658c1534425a8fe48d3d9165dac2f9ad1f2994c12fe40c18f6fad658

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          203B

          MD5

          555619597411196f698e3e2ed9082109

          SHA1

          2fd7eba60ef45ef1b501ba42182a39ab540ca135

          SHA256

          9b297da92615c3c93b93a3dcbe7e8982bff7197da54205447ccfd82361cfd80b

          SHA512

          1bdc5fe4450e87af006e0f121048471d359e189c360bf638f7abc5939215b3f196e1f750a13381d287091dd559d3b21cd26f4d1a5a7316d8cb47927b444cc3d2
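The report records two behaviours a responder can verify on a suspect host: a Run key added for persistence, and executables dropped under C:\Files2F\ and C:\GalaxT9\ whose SHA256 values are listed above. The PowerShell below is an added triage check, not part of the sandbox report and not code from the sample. It enumerates the standard Run/RunOnce keys, resolves each value to the executable it launches, and flags entries that point into the drop directories or whose file hash matches one of the report's SHA256 values; it then hashes anything left in those directories regardless of whether a Run key references it. The report does not show the Run value name or data, so the key list and the command-parsing logic are general assumptions, and the numeric .ini file name is assumed to be host-specific and is not used as an indicator.

```powershell
# Added triage check (not part of the sandbox report or the analysed sample).
# Hunts a suspect Windows host for the two behaviours the report records:
# Run-key persistence and dropped executables under C:\Files2F\ and C:\GalaxT9\.
# Assumptions: the report does not show the Run value name or data, so the key
# list below is the standard set and every entry is inspected; the numeric .ini
# file name is assumed host-specific and is not used as an indicator.

# SHA256 values copied from the report's General and Downloads sections.
$IocSha256 = @{
    '7fd1990afe83c38e8417e7b8da28c3711c8319cd9cfb6b465ef4216d318dfbda' = 'submitted sample'
    '88f89a850ace6cd871d2e9e027eae546e2af1a61590f131a0f50111f46197f9d' = 'C:\Files2F\aoptiec.exe'
    'b4cc87855af4911786371109a9b78896fec9f77981aa844233065c44d6a2b239' = 'C:\GalaxT9\boddevec.exe'
}
$IocDirs = @('C:\Files2F', 'C:\GalaxT9')

# Standard autostart locations (assumed; the report does not name the key it wrote).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ExecutablePath {
    # Pull the executable out of a Run value: honour a leading quoted path,
    # otherwise take everything up to the first ".exe"; fall back to the first token.
    param([string]$Command)
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($c, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($c -split '\s+')[0]
}

function Get-IocFlags {
    # Compare a resolved executable path against the report's directories and hashes.
    param([string]$Exe)
    $flags = @()
    foreach ($d in $IocDirs) {
        if ($Exe -like "$d\*") { $flags += "under drop directory $d" }
    }
    if (Test-Path -LiteralPath $Exe -PathType Leaf) {
        $sha = (Get-FileHash -LiteralPath $Exe -Algorithm SHA256).Hash.ToLower()
        if ($IocSha256.ContainsKey($sha)) { $flags += "SHA256 matches $($IocSha256[$sha])" }
    } else {
        $flags += 'target not present on disk'
    }
    return $flags
}

function Test-RunKeys {
    # Enumerate every Run/RunOnce value and report it together with any matching flags.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, PSDrive, PSProvider
            $cmd = [string]$p.Value
            $exe = [Environment]::ExpandEnvironmentVariables((Get-ExecutablePath $cmd))
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $cmd
                Executable = $exe
                Flags      = ((Get-IocFlags $exe) -join '; ')
            }
        }
    }
}

function Test-DropDirectories {
    # Hash every file in the drop directories named in the report, whether or not a Run key points at it.
    foreach ($d in $IocDirs) {
        if (-not (Test-Path -LiteralPath $d)) { continue }
        Get-ChildItem -LiteralPath $d -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $sha = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
            $match = if ($IocSha256.ContainsKey($sha)) { $IocSha256[$sha] } else { '' }
            [pscustomobject]@{ Path = $_.FullName; SHA256 = $sha; Match = $match }
        }
    }
}

'== Run keys =='
Test-RunKeys | Format-Table -AutoSize -Wrap
'== Drop directories =='
Test-DropDirectories | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys and both drop directories are readable. An entry flagged only as "target not present on disk" is not by itself malicious (stale Run values are common), but an entry pointing into C:\Files2F\ or C:\GalaxT9\, or a file whose hash matches the table, reproduces the persistence and drop behaviour the report attributes to this sample.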