Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-07-2024 17:52

General

  • Target

    3a584152bddb4726eb8840feb7ec0fe0N.exe

  • Size

    2.7MB

  • MD5

    3a584152bddb4726eb8840feb7ec0fe0

  • SHA1

    5f6a37246986f21d6a2b7e5f67ef83b105a07821

  • SHA256

    56fa95326b6ca5ba909148bbbf78bd3e8c999169c6ee97e103eb9a14adcdd3b5

  • SHA512

    572e69c637b89351d756b9a7c1e657123f469bdaf6663b9e6de912a15ecd311fa0da5e022cece1ebc02314dc7b6cd60c51871d3b429d8e80de47e2433f1438fa

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBV9w4Sx:+R0pI/IQlUoMPdmpSpp4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a584152bddb4726eb8840feb7ec0fe0N.exe
    "C:\Users\Admin\AppData\Local\Temp\3a584152bddb4726eb8840feb7ec0fe0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\IntelprocPV\devbodec.exe
      C:\IntelprocPV\devbodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2536

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Galax2B\dobdevsys.exe

    Filesize

    2.7MB

    MD5

    c2b8db66eb052867e02dac3068f25a59

    SHA1

    6f9caf104d22b1681961b2a6c9493a2009e402d9

    SHA256

    70a3441a6b1be744612048e5594c28e5f6dee752bff02894bb6efcefff9b65cb

    SHA512

    848253e00e6cfdd4049b72205146e2d53936d9e4660240bc780fd29f483fa5a5af138e3892eb79a430e3d047b5c96fff861c51ca57b1924b98dfcb6404fb72ac

  • C:\IntelprocPV\devbodec.exe

    Filesize

    2.7MB

    MD5

    1f5b26c6c82a9246e607534332da3864

    SHA1

    f092ded3a6d5a84c236197a8d3dda3d0e913eb15

    SHA256

    213f565e164587267da1b329b29273b9e04a66d8e7e08ef010abab331e5b6b11

    SHA512

    c3a01fb2aac5f1c5d5f08fc51c222ae324f20e8dd12e499cc365708dbed318e225b5fcb2c8356cebd82b8164a438f5bf41a2967649d4b56b26a2fc4157b8ae56

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    209B

    MD5

    4375362758154eea8770ad0369339947

    SHA1

    408d9697f8f1774477e076b36fc2f551fed30e9f

    SHA256

    c1ac329c4c6184cedcce8fd38c16c483c3c52654c976b1fb6796f66f21c051b3

    SHA512

    af35d12e4fe7160e996888d8e27b7943706eb98a59a5897057e483cc708c9864cc561e32da034b8cb90f0967cea973a13939b0538eb655a510910ba9b468773c
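The process tree and the Downloads section together give enough to hunt for this sample on other hosts: two unusual root-level drop directories (C:\IntelprocPV and C:\Galax2B), a marker INI in the user profile, and the digests of each dropped file. The script below is an added example, not part of the sandbox report or the sample; the hashes and paths are copied from the report, while the drop-directory heuristic, the INI file-name pattern and the function names are assumptions of this example.

```python
"""Sweep a directory tree (a live host or a mounted image) for the artifacts in the report.

Added example, not part of the sandbox report. Hashes and paths are copied from the report;
the directory and file-name heuristics are assumptions explained inline.
"""
import hashlib
import os
import re
import sys
from typing import Dict, List, Optional

# Digests of the three dropped files, copied from the "Downloads" section of the report.
DROPPED_FILES: Dict[str, Dict[str, str]] = {
    r"C:\Galax2B\dobdevsys.exe": {
        "md5": "c2b8db66eb052867e02dac3068f25a59",
        "sha1": "6f9caf104d22b1681961b2a6c9493a2009e402d9",
        "sha256": "70a3441a6b1be744612048e5594c28e5f6dee752bff02894bb6efcefff9b65cb",
    },
    r"C:\IntelprocPV\devbodec.exe": {
        "md5": "1f5b26c6c82a9246e607534332da3864",
        "sha1": "f092ded3a6d5a84c236197a8d3dda3d0e913eb15",
        "sha256": "213f565e164587267da1b329b29273b9e04a66d8e7e08ef010abab331e5b6b11",
    },
    r"C:\Users\Admin\253086396416_6.1_Admin.ini": {
        "md5": "4375362758154eea8770ad0369339947",
        "sha1": "408d9697f8f1774477e076b36fc2f551fed30e9f",
        "sha256": "c1ac329c4c6184cedcce8fd38c16c483c3c52654c976b1fb6796f66f21c051b3",
    },
}
# The submitted sample itself, from the "General" section.
SAMPLE_SHA256 = "56fa95326b6ca5ba909148bbbf78bd3e8c999169c6ee97e103eb9a14adcdd3b5"

# Reverse index: any known digest -> the report artifact it belongs to.
HASH_INDEX: Dict[str, str] = {
    digest.lower(): path
    for path, digests_ in DROPPED_FILES.items()
    for digest in digests_.values()
}
HASH_INDEX[SAMPLE_SHA256] = "sample 3a584152bddb4726eb8840feb7ec0fe0N.exe"

# Assumption: these directory names are not used by legitimate software, so any file under
# them is worth a look even if the sample was rebuilt and the hashes no longer match.
DROP_DIRS = ("intelprocpv", "galax2b")

# Assumption: "253086396416_6.1_Admin.ini" reads as <number>_<os version>_<user>.ini
# (6.1 is the Windows 7 kernel version, Admin is the sandbox user). The meaning of the
# leading number is not given in the report, so the pattern only constrains its shape.
INI_PATTERN = re.compile(r"^\d+_\d+\.\d+_[^_\\/]+\.ini$", re.IGNORECASE)


def digests(data: bytes) -> Dict[str, str]:
    """MD5, SHA1 and SHA256 of a blob, in the same hex form the report uses."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def classify(path: str, data: bytes, index: Optional[Dict[str, str]] = None) -> List[str]:
    """Return the reasons a file resembles one of the report's artifacts (empty = nothing seen).

    Takes the content as bytes so the same logic serves a live host, a mounted image or a
    file exported from the sandbox, and can be tested without touching disk.
    """
    index = HASH_INDEX if index is None else index
    findings: List[str] = []
    parts = [p.lower() for p in path.replace("\\", "/").split("/") if p]
    name = parts[-1] if parts else ""

    for digest in digests(data).values():
        if digest in index:
            findings.append(f"hash match: {index[digest]}")
            break  # one algorithm matching is enough; the others will agree

    if any(part in DROP_DIRS for part in parts[:-1]):
        findings.append("located in a drop directory used by the sample")

    if INI_PATTERN.match(name):
        findings.append("profile INI named like the sample's marker file")

    return findings


def sweep(root: str) -> Dict[str, List[str]]:
    """Walk a tree (for example a mounted C: volume) and collect every flagged file."""
    hits: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                with open(full, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or unreadable; a real run should log these
            found = classify(full, data)
            if found:
                hits[full] = found
    return hits


if __name__ == "__main__":
    for hit, reasons in sweep(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(hit)
        for reason in reasons:
            print("  -", reason)
```

Run it as `python sweep.py D:\` against a mounted volume. Path and name matches are deliberately reported separately from hash matches, because a repacked build of the same family keeps its drop directories while every digest changes. The "Adds Run key to start application" signature is not covered by a file sweep; the report does not name the registry value, so check the Run keys directly (for example `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and the HKLM equivalent) for any value whose data points into C:\IntelprocPV or C:\Galax2B.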