Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/07/2024, 00:07

General

  • Target
    3405cbd658d4a26187856578afdea2d0N.exe
  • Size
    2.7MB
  • MD5
    3405cbd658d4a26187856578afdea2d0
  • SHA1
    60aac7c276c5f81f8a4a1b04124a38033aca2bda
  • SHA256
    442114999aec278c4ec1700c98ae042e8fd614dd8c3e63697094758ddb2c63c1
  • SHA512
    c6ae1dbccb7159bca0d378edabcc25957de080dcec9c0f5b2959d6e9094a4a7234919a747580c8d2e9051ffd9c8084417194bec1ecfd6a9396510f13ba4b610f
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB09w4Sx:+R0pI/IQlUoMPdmpSp64

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3405cbd658d4a26187856578afdea2d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\3405cbd658d4a26187856578afdea2d0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\IntelprocUA\xbodloc.exe
      C:\IntelprocUA\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2768

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZYP\optixsys.exe
    Filesize
    2.7MB
    MD5
    420448d0f18cf7f2ad516437fe6f7090
    SHA1
    54ba666c84861be2e654c5d739a8d45cfb719357
    SHA256
    072c5d1f615d8262156f19cef5daf337e1c0437aa3737cdfe6296fcea9331e75
    SHA512
    6d907a0471490d0279746467a98a25d5661433d56c7514169664a3bd3c271c72f29172181f91c05c759c7aff9c9489e2e521bac71b85a97f4521811f6cc9c4a0
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize
    205B
    MD5
    f32189c1e529fa7268e15b877e48c232
    SHA1
    e71a070f89896efd7c95c3b0bbdd0632dcdb4270
    SHA256
    7b2551f051390bad824bff8de8d47696dd1ad76f9271dc548ee12b02df0afbb3
    SHA512
    3818c5d6458ac9ad4c103e35c2a7556c2a8885fee947a7038fd914a991b0d131d37193d4e3c9aa45874713e03c296b26ee52e77e07eda89e5135b76babd39f1d
  • \IntelprocUA\xbodloc.exe
    Filesize
    2.7MB
    MD5
    8cb6a5677c3f22d0f7255534bd0bbce3
    SHA1
    1e06f42a7dbca5a9ee3c992dd915de0681b0da52
    SHA256
    f66f4f02010dfca5baa8e0111b5cb431d72590b203078304db86285fd55e60a2
    SHA512
    4aef5bdaaeeeb454951050b6d333a4557decafdeccf04659d590b27234435d723bbb383f941b0edbf1ebcb861f32e978668f0694f92d969cfab6c4db8d01a39c