Overview

overview

7

Static

static

3

c9f2346f43...0N.exe

windows7-x64

7

c9f2346f43...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2024 11:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c9f2346f4391b19bbcb7aad5546387b0N.exe

  • Size

    2.7MB

  • MD5

    c9f2346f4391b19bbcb7aad5546387b0

  • SHA1

    883f503130811e03daced1c858a4a94727afad0b

  • SHA256

    98053147d8c4a10c374e40c45922beddc21dac8817fa1be9921fbcf63fb9980d

  • SHA512

    53adbafae6552e08cdeda72dd7331d16e193f23a728b5acfb7b5fe771c8b2f62d8e7363ecb13e3c99a365e99eb57a560a7674c38ca49f5520a9c347c8a2748e1

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSp+4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c9f2346f4391b19bbcb7aad5546387b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\c9f2346f4391b19bbcb7aad5546387b0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\UserDotYD\abodec.exe
      C:\UserDotYD\abodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBPP\optidevloc.exe
    Filesize

    2.7MB

    MD5

    7ef033219f4b31a7402b740603fe3664

    SHA1

    63562904085c7f934053b4fa0cca79f4a7b7aec6

    SHA256

    54f8625d5639d8d2d105536b166c3d581364c144d4f6b432bb7b22ebb553acbe

    SHA512

    597e00b53fc95645d526078a933bb81d96327d5ea7c57c61736fca29488c92723b71fe51ff77ec37239f22c5d3b47f3b83b16c13ba71e53df9e35610fccac597

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    a3c830645fa6137d5f92d144833d5419

    SHA1

    7724fe12c2bcfdf929dfe103176b3d4bd994b316

    SHA256

    8926af191f095a161c97198f1436fe68a8307f033dc1df4bbcdd5e5cbf880fa1

    SHA512

    1930d9ff3ea24d607105443d464e6dd9f0f34a9fce43abef611a9b0e373ecd478954222a479b8d81924441f7be4164325158e386a404138aee3a1346ee6d1d74

    Download Submit

  • \UserDotYD\abodec.exe
    Filesize

    2.7MB

    MD5

    b88f27a7ba4e3fb7fd4c97cfa03c724e

    SHA1

    2b961b6e05bc6fc52ff744a54e5e575325fd7287

    SHA256

    7202e6132522b8477d779d21b779ae46d36e627acfb8326fe38d4e863ab635ba

    SHA512

    64ace3aaeb8f217d6b508aeea5cb0c4bc7649d16a2bf73a2ababb1588bdc0fd279f4689fca7cf35e44e4ec7c525c81dd33fdbbdaac19d56c43dc171d26422eb0

    Download Submit