Analysis

  • max time kernel
    119s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/07/2024, 22:24

General

  • Target

    61249a45445545e570b55b4375088570N.exe

  • Size

    2.7MB

  • MD5

    61249a45445545e570b55b4375088570

  • SHA1

    6ca0925d875ba94bb2a91781467c89be89955dd2

  • SHA256

    10a892211e0f3dffdb006a5eb39da91277050b4be38d8e3a3eab32a756c270e7

  • SHA512

    b75e66038b99a0ef388a6a38611eb3d5e7cefe5c0d1e4f03cce95725e3db032cea048582ce3aa81c5e101ef4f52240852cbeed37418918cf2713f80339eb2b56

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBd9w4S+:+R0pI/IQlUoMPdmpSp94X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61249a45445545e570b55b4375088570N.exe
    "C:\Users\Admin\AppData\Local\Temp\61249a45445545e570b55b4375088570N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\SysDrvTF\xdobloc.exe
      C:\SysDrvTF\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:968

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZBS\optiasys.exe

    Filesize

    2.7MB

    MD5

    4a02229a5c888cadb433265b8bed7e2c

    SHA1

    9761c7b00637e1e4c20b1ebf01fb9c1969360d96

    SHA256

    d11f18799be1890b8dd63b0c612df41fd5467514a5c64b4f82cd8742a538d2fa

    SHA512

    0153d7b29dbfe843b7e66db58d31711b8bc89fb9724c842bd34bd7c24e9c36bca1cfb135162c92bba85da4bde75f2206ca90fccb33a670da99dc9c3b36d3ccae

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    204B

    MD5

    d84846cd975db432289c91ae2e441a08

    SHA1

    5edb1d17be99f59ae8e8a3edf3569e7d7225a5e7

    SHA256

    3fb5582bdd1fea7ff876bafe70a6ab27eb69753ef7e9021bb9c5b2acdf106515

    SHA512

    8649d17974f9c3afe6d21da332d5b20b8fe0bdcf48dfa34f12821632f2028ac0e5d3038d56fb6f5735ed661b262113453ee728acc41f20b5a2d8c3391c0ebb98

  • \SysDrvTF\xdobloc.exe

    Filesize

    2.7MB

    MD5

    feb444a9d1edb6dc9a40ef1c477f2607

    SHA1

    bb7200257162ffa18e379b16ec87190a82388063

    SHA256

    9e861a7c032c41333ba93eb7e419124ca633797f4cf6b82221e1ef154ce450d7

    SHA512

    53badcbe3b758267a28f1cf48d6459ac269c2bbbda1c1d1497f0efff7605dc7e8c0994ce157d1c0b6ea48608d71717152ea869b39c42c7d4664987f7e4225cc5
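The signatures and the dropped-file table above translate directly into host-side checks. The following is an example added by the editor, not code from the sandbox report or from the sample: it carries the report's SHA256 values and paths, parses a handful of constructed Sysmon-style events (event IDs 1, 11 and 13 are Sysmon's ProcessCreate, FileCreate and RegistryValueSet; the one-line `Key=Value|Key=Value` layout, the SID, the Run value name and the benign entries are placeholders, not data from the report), and flags the dropped-file writes, the Run-key persistence and execution from a non-standard directory directly under the drive root. That "odd root directory" heuristic, prompted by `C:\SysDrvTF\` and `C:\LabZBS\` above, is an assumption of the example, not a rule the report states.

```python
"""IoC triage over Sysmon-style events for the sample in this report.

Editor-added example, not part of the sandbox report. Sysmon event IDs 1, 11 and 13
are real; the one-line 'Key=Value|Key=Value' event form is a simplification of
Sysmon's XML so the example runs offline on CONSTRUCTED sample events.
"""
import re
from dataclasses import dataclass

# Hashes copied from the report: the submitted sample and the three dropped files.
PARENT_SHA256 = "10a892211e0f3dffdb006a5eb39da91277050b4be38d8e3a3eab32a756c270e7"
REPORT_FILES = {  # normalized path -> SHA256, from the "Downloads" section
    r"c:\labzbs\optiasys.exe": "d11f18799be1890b8dd63b0c612df41fd5467514a5c64b4f82cd8742a538d2fa",
    r"c:\sysdrvtf\xdobloc.exe": "9e861a7c032c41333ba93eb7e419124ca633797f4cf6b82221e1ef154ce450d7",  # listed drive-less; process tree shows C:
    r"c:\users\admin\253086396416_6.1_admin.ini": "3fb5582bdd1fea7ff876bafe70a6ab27eb69753ef7e9021bb9c5b2acdf106515",
}
KNOWN_HASHES = set(REPORT_FILES.values()) | {PARENT_SHA256}

RUN_KEY_RE = re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?\\", re.IGNORECASE)
# Assumption (heuristic, not from the report): the only directories directly under the
# system drive expected to hold executables. C:\SysDrvTF\ and C:\LabZBS\ do not fit.
EXPECTED_ROOT_DIRS = {"windows", "program files", "program files (x86)", "users", "programdata"}


@dataclass(frozen=True)
class Finding:
    rule: str
    event_no: int
    detail: str


def normalize_path(path: str) -> str:
    """Strip quotes, root drive-less paths at C:, lower-case for comparison."""
    p = path.strip().strip('"')
    if p.startswith("\\"):
        p = "C:" + p
    return p.lower()


def is_odd_root_exe(path: str) -> bool:
    """True for an .exe in a non-standard directory directly under the drive root."""
    parts = normalize_path(path).split("\\")  # e.g. ['c:', 'sysdrvtf', 'xdobloc.exe']
    return (len(parts) == 3 and parts[0].endswith(":")
            and parts[1] not in EXPECTED_ROOT_DIRS and parts[2].endswith(".exe"))


def image_from_command(cmd: str) -> str:
    """Image path from a Run-key command line, quoted or bare."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def parse_event(line: str) -> dict:
    """Parse one 'Key=Value|Key=Value' line; only the first '=' of a field splits."""
    ev = {}
    for field in line.split("|"):
        key, _, value = field.partition("=")
        ev[key.strip()] = value.strip()
    return ev


def sha256_from_hashes(hashes: str) -> str:
    """Sysmon writes Hashes as 'SHA256=...,MD5=...'; return the SHA256 or ''."""
    for item in hashes.split(","):
        algo, _, val = item.partition("=")
        if algo.strip().upper() == "SHA256":
            return val.strip().lower()
    return ""


def triage(lines) -> list:
    """Return one Finding per event that matches a report indicator or the heuristic."""
    findings = []
    for no, line in enumerate(lines, 1):
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "1":  # ProcessCreate: covers "Executes dropped EXE"
            image = normalize_path(ev.get("Image", ""))
            if sha256_from_hashes(ev.get("Hashes", "")) in KNOWN_HASHES:
                findings.append(Finding("known_report_hash", no, image))
            elif image in REPORT_FILES or is_odd_root_exe(image):
                findings.append(Finding("process_from_suspicious_path", no, image))
        elif eid == "11":  # FileCreate: the drop itself
            target = normalize_path(ev.get("TargetFilename", ""))
            if target in REPORT_FILES:
                findings.append(Finding("dropped_file_from_report", no, target))
        elif eid == "13":  # RegistryValueSet: covers "Adds Run key to start application"
            key = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(key):
                image = normalize_path(image_from_command(ev.get("Details", "")))
                if image in REPORT_FILES or is_odd_root_exe(image):
                    findings.append(Finding("run_key_to_suspicious_image", no, f"{key} -> {image}"))
    return findings


# CONSTRUCTED events modelled on the process tree and dropped files above. The SID,
# the Run value names and the two benign entries (5 and 6) are placeholders.
SAMPLE_EVENTS = [
    r"EventID=1|Image=C:\Users\Admin\AppData\Local\Temp\61249a45445545e570b55b4375088570N.exe|ParentImage=C:\Windows\explorer.exe|Hashes=SHA256=10a892211e0f3dffdb006a5eb39da91277050b4be38d8e3a3eab32a756c270e7",
    r"EventID=11|Image=C:\Users\Admin\AppData\Local\Temp\61249a45445545e570b55b4375088570N.exe|TargetFilename=C:\SysDrvTF\xdobloc.exe",
    r"EventID=11|Image=C:\Users\Admin\AppData\Local\Temp\61249a45445545e570b55b4375088570N.exe|TargetFilename=C:\LabZBS\optiasys.exe",
    r"EventID=13|TargetObject=HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run\example_value|Details=C:\LabZBS\optiasys.exe",
    r"EventID=13|TargetObject=HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Example|Details=1",
    r'EventID=13|TargetObject=HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run\Vendor|Details="C:\Program Files\Vendor\updater.exe" /background',
    r"EventID=1|Image=C:\SysDrvTF\xdobloc.exe|ParentImage=C:\Users\Admin\AppData\Local\Temp\61249a45445545e570b55b4375088570N.exe|Hashes=SHA256=9e861a7c032c41333ba93eb7e419124ca633797f4cf6b82221e1ef154ce450d7",
]

if __name__ == "__main__":
    print(*triage(SAMPLE_EVENTS), sep="\n")
```

Against the constructed events, `triage` flags the parent by hash, both file drops by path, the Run value pointing at `C:\LabZBS\optiasys.exe`, and the child `xdobloc.exe` by hash, while the unrelated service key and the Run value under `Program Files` stay quiet. On a real host the same functions run over Sysmon events exported from the Operational log; the hash check is exact, so a rebuilt or repacked copy of the dropper would only be caught by the path and Run-key heuristics.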