Overview

overview

7

Static

static

3

1f0b3254ef...0N.exe

windows7-x64

7

1f0b3254ef...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2024 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f0b3254ef78851d65b3023b32ac32b0N.exe

  • Size

    2.7MB

  • MD5

    1f0b3254ef78851d65b3023b32ac32b0

  • SHA1

    1a8265528d78276f2d54036738b960bba196d452

  • SHA256

    69b337a45dd92c9746ccbd7dfd0989640aaeb75050705e2d8a8d8519d015222a

  • SHA512

    63790c038bcdc2d9e19a4cc88986b4dd45b157b9bfab52b347f1b1542780366005430b07731f87febb4e40db2ca52cb1445c710b1770cc96684e468f4956e12e

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBr9w4Sx:+R0pI/IQlUoMPdmpSpL4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f0b3254ef78851d65b3023b32ac32b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1f0b3254ef78851d65b3023b32ac32b0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\UserDot5V\xoptiloc.exe
      C:\UserDot5V\xoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintBY\boddevloc.exe
    Filesize

    2.7MB

    MD5

    2f33137dc42225c7295edfe2aa4cfc1b

    SHA1

    a436de7e7ec5f7bb972b304067ddec0ed649a2a8

    SHA256

    063fdffc171626fc750ad03da6be8952a4a47db6b835fea61c62123d81385af9

    SHA512

    1d4175d1a5260afc87bf7a0b3ead2c7f7d6db6a19e6d65657dd7e6af8ec0e68ff6717095cd9262a823009081498c6e50cb08ea6cdd7e4f33456a938ab969c408

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    206B

    MD5

    1e6048bda873d8171a4cd7134d299918

    SHA1

    9f03b6f4e2461d03a93292cb45f21e6250ee31b7

    SHA256

    2a66b1cedc4a61c3b9885b0b1ff2c41276bf76412eb3ac6bbcd80261ad36bce7

    SHA512

    e282863a77ad7cb1496872019991a112e78c1dde9d6bec7884809e115e8441bca426a61dc1bcb5880d100a57e7f61831b5ac2f7fb7df970a58ce2dba3a5fd2a0

    Download Submit

  • \UserDot5V\xoptiloc.exe
    Filesize

    2.7MB

    MD5

    3d74d8955887ab8b43a93ca6413a90f7

    SHA1

    2081ca35f82152b757ddba97dd67dc50db1059b4

    SHA256

    f505766aa9f43797d7864a12317b8b375882d3df45502b975cd1f53ae0a7ddd9

    SHA512

    3d85f7df014883ac012b15747d19a88fcc8d3a6353ad24bd101b3900d97d760be7976b8210aa4e38c8da98b22a948fdbdd26326ee30f007d2afa11d9c301360b

    Download Submit