Analysis

  • max time kernel: 150s
  • max time network: 129s
  • platform: windows7_x64
  • resource: win7-20240705-en
  • resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted: 27-07-2024 04:37

General

  • Target: dcf78a3cb8612db2f5e875c6edee7ed6c486ec85c6cad92451a721d95c4d0dfc.exe
  • Size: 2.7MB
  • MD5: 7a532e8d589d54fcbf58f6784b94731a
  • SHA1: 3c7f994927da39ea36b0e6277c88b545e9ca7840
  • SHA256: dcf78a3cb8612db2f5e875c6edee7ed6c486ec85c6cad92451a721d95c4d0dfc
  • SHA512: 563e354c120d63522db792cb2305e6a063b963a08854b14c72f00e329af1fba51840fb9a339ad69a86cd1affb5622704cbef770f4fbe4670f443b17d7ce36ad6
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSpa4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcf78a3cb8612db2f5e875c6edee7ed6c486ec85c6cad92451a721d95c4d0dfc.exe
    "C:\Users\Admin\AppData\Local\Temp\dcf78a3cb8612db2f5e875c6edee7ed6c486ec85c6cad92451a721d95c4d0dfc.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Intelproc0X\devbodec.exe
      C:\Intelproc0X\devbodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2684

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Galax7W\dobxsys.exe
    Filesize: 2.7MB
    MD5: 21a57464342f5c52041bba9a1799b9e1
    SHA1: 0ebba3a66a18b8b2a133abe3f70646b85e5c63a6
    SHA256: e92941369e71db9db4659ec40efc4813aa9a0f105331e26df6d7e5500b791fc4
    SHA512: 56d86ea4f46e2ae77e5f1285a7dd0b061cc9188a5ee8a4ab1522c7a3edfae605773a2fcfa1590388366a2c05e12095b3a4f345024b354650da06383ad590b3cb

  • C:\Intelproc0X\devbodec.exe
    Filesize: 2.7MB
    MD5: d9004bda5f7c161cb4153f9e18ac3c09
    SHA1: 9421e9134f1c273065bc3916914d8610528d1f0e
    SHA256: abc31310cd82d18549c8baab7c2cd236dd018a12d467d016ab736be127ee1ef0
    SHA512: 63070e07921f8f2c388809d920b48325dc7e469ff79834a031ff0636b2bc3f5c6c74d920b52648e37f75f6bf1ef9ca168374a846eb0099a7dffd78f532e5cf33

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 209B
    MD5: b4f4c7a7b0a0fe24e3fae30deb8b356a
    SHA1: e97b39d02e1b59b0df43aa36fa97059a6a0f9595
    SHA256: adf7944b627201d75b8b93102fd39579bc6fadcfde878928252972467ee1b147
    SHA512: d136c6090d2b003230794641469fa0a710a73ec170d55a15d3410ddd5b00f45ed955291e355193551e42a2529f783fe2397517919c3ed791ec2950b50b1ed78b