Analysis

  • max time kernel
    119s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/07/2024, 23:42

General

  • Target

    30aed4fdd98c38080e951f65baf19ca0N.exe

  • Size

    2.7MB

  • MD5

    30aed4fdd98c38080e951f65baf19ca0

  • SHA1

    ccc91aeebac80a7a1fd2d1d7388410c57bf60ccb

  • SHA256

    26346d7f4f0a03de6ce65b4c4e9bf5019f30b32f95102c3af2db95e16a08ba6c

  • SHA512

    2a4d7cd591ceee2c7bf227972663e13f3e0d3e2cf9abdbb1b37edf50b7aa1ac3eb6f700dcf07847ac63e60e53a80caacd859e01b203dd94eaaafcb34392309f0

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBp9w4S+:+R0pI/IQlUoMPdmpSpp4X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\30aed4fdd98c38080e951f65baf19ca0N.exe
    "C:\Users\Admin\AppData\Local\Temp\30aed4fdd98c38080e951f65baf19ca0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:400
    • C:\FilesK9\aoptiloc.exe
      C:\FilesK9\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3452

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\FilesK9\aoptiloc.exe

          Filesize

          2.7MB

          MD5

          889edc502e61b7e3e8fc41ba89871df8

          SHA1

          fc1c9501e75fa8782386ff9abe015fe0d0a965e5

          SHA256

          2b42e06d7af1aa2c193c2cf44f7936cb26a83f4614b78b4ef5f9d3db1dae7f98

          SHA512

          4ebf28f8d2843137d04094e5e19028da73a27a6ed85b3b3d7c529e88557f789e5e467bd5dc3d11baa661f5e3c19d26e6a3494ee8e47dc94e635316c9ba9b6381

        • C:\LabZAG\dobxsys.exe

          Filesize

          1.6MB

          MD5

          c72ebb13d6647f6ea27a918daa0147c0

          SHA1

          952f3b623531a01a53465b69715853950e834163

          SHA256

          46fb390560c0e60a82c6c9fecf5c656a17ad0816f0c84f4f774f71802d7129ce

          SHA512

          e0b18215a59a8a0ddc64c2612bdb41fd4a901a8648450c06080dc36fcf795e9f36581fb80373b5995cb077811442f68c79c981d8b7f0d7d3d4372492d547d73c

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          203B

          MD5

          9b62c30f92f56fb829d56585b9b90ebd

          SHA1

          ae191e5b561a70d55d339cfb63fac0dfb84c648e

          SHA256

          bf046b9e28bef053a1a229c638256c1d9386a0e7f852b70b4ddd45bbf64619d8

          SHA512

          f19580a89b55b8707b67156882cc9e1f523c2d85569ee84d900d974f7c87d04d3bbeae5c321f2d3069885fc0cc1739ae3544de5ad176b1d5adfcb6287f84264a