Analysis

  • max time kernel
    119s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/07/2024, 23:12

General

  • Target

    67c0b6d941fb6341ccc6b161d3510d00N.exe

  • Size

    2.7MB

  • MD5

    67c0b6d941fb6341ccc6b161d3510d00

  • SHA1

    82cb9d0ff4e0b2667f8564dc0138c831fd188acf

  • SHA256

    4dd186b3209f85e74cef4e25fdd025891a818e74ab56d4ae694f3dde8b053906

  • SHA512

    17beee2d5e017f51736f5fad922a007bf076a8589614f01b805b67b9238c34f90b730d93742f7118e7fdbc741966c7bc760c3b953f408cca678788ab99cf80f8

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4Sx:+R0pI/IQlUoMPdmpSpo4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67c0b6d941fb6341ccc6b161d3510d00N.exe
    "C:\Users\Admin\AppData\Local\Temp\67c0b6d941fb6341ccc6b161d3510d00N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\FilesIZ\xoptiec.exe
      C:\FilesIZ\xoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1388

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\FilesIZ\xoptiec.exe

          Filesize

          2.7MB

          MD5

          705ebda8811ce30ab1afa5ef980854f1

          SHA1

          1a650f5aab32309ef47aa6cbb4c0973b8dacb406

          SHA256

          c4d15440729b4de72d99d47e511dffaab86549cd0398bd0cf14c04653a22f8d4

          SHA512

          a9c53b9132294c5245fd34f1ef41f67a17bcbc6313791bb79532c10f9a88433b2f211331b70c6be4f26ca80536185f4467b2a15ae0775b13f3499456190b6eca

        • C:\KaVBPS\bodxsys.exe

          Filesize

          2.7MB

          MD5

          de138bcb48ad3a030e8e66fd83fd59ac

          SHA1

          4bacd700c6caf6d6cdd462d234c0584711338e4e

          SHA256

          2268a070db6e5b585f5ab938a6ce18aaa4639e63b0bbe418be4c8286d65614e1

          SHA512

          58cad4e83bfe72fbd258b9233a1f11538af6f58d148a476f6ea35260e6ae170e10c8dd235efda160a168bc859155f4f15d04eaa219a6755f2fbe13b3719acd9e

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          200B

          MD5

          ea7be4e82306431852a6526e4d76d560

          SHA1

          e372618089461ee28c7f0289fa40deac4c4bada0

          SHA256

          7c3e1ed3079ea26e9e71c50dba0e995af793d4a29498e661d05fc19864a7a8a8

          SHA512

          6fc7d8cec71e1388e9d40672fa2ca804a49d6e8e1b9d7e52853434501306eeba54695ba2bccf50338263de220887e7af74e17f8aaf7dd9edcec25d4d2510c922