Analysis

  • max time kernel
    119s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/07/2024, 15:50

General

  • Target

    2854ed785ea9b7ec15fdcb3bc8f3bdd0N.exe

  • Size

    2.7MB

  • MD5

    2854ed785ea9b7ec15fdcb3bc8f3bdd0

  • SHA1

    2dbed0906eb7993df55f372d478834dcb001a901

  • SHA256

    a69bb14c696c31049d9928832b9c4dc8c534996a56c192107a79d6e2481c640c

  • SHA512

    1ea13974c25f4c546a5da501a487220c39a2953afb7dc0bd7fbc97f4bab63f48366a5f76cc7fa52da368452c1fda2d69a9044c027e5aa95220be66cda1363824

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBp9w4Sx:+R0pI/IQlUoMPdmpSpB4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2854ed785ea9b7ec15fdcb3bc8f3bdd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2854ed785ea9b7ec15fdcb3bc8f3bdd0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3464
    • C:\Intelproc6A\aoptiec.exe
      C:\Intelproc6A\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:456

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Intelproc6A\aoptiec.exe

    Filesize

    2.7MB

    MD5

    53754566aa0a4cc7fdf429f1334a8c6b

    SHA1

    979d5b8567249f37d5f5088fa46f39ed64d72b52

    SHA256

    07f92e13af927eab65c3ebaaa2f762f05e3da4285d70f20d265dced5919214a0

    SHA512

    2d6ae492df774db9762cbe8714a3f24be509c8bdfda20cdd0bda1f2fe1b6a47f0dfac66d729abaf8d7ab9a501e656afcda8f960d2956df74592b4a022bdeec60

  • C:\LabZFQ\optidevsys.exe

    Filesize

    2.7MB

    MD5

    17425dfb142974355cd13cdd2506b778

    SHA1

    16639202be640fadbcc129a6fe1f721c707f849f

    SHA256

    219dae571164bf18404df818a04982816c1eb4efaf3e37335dfffddd1a0ad07a

    SHA512

    d0535fb41612e85c26fc28d06250bf732587aba2bd858bbae017a766a10fffd1e54076b8fab5fd1c125571497601881538b5b2751d98a79eb560b5f0d3e10c6a

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    208B

    MD5

    1a918205253f1f331148862ece5aee05

    SHA1

    ec6b3bb9982033b806ed061ad23861f1a7245dc5

    SHA256

    8c7949bc80f867db8e8b3f9a1ab8e48c6af4d3fc87bb42d802a867547e9a4df0

    SHA512

    7844813ee7d48ee730b6569a701393cef084987323d8df1d1ea08c12d5b36966592e76a26a34fa85f65a0abce24fb7e4d4864621a3e06151951dbeac36be14b2