Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-07-2024 04:21

General

  • Target

    8fc01923e273e72a72cb87ab9c4b29e0N.exe

  • Size

    2.7MB

  • MD5

    8fc01923e273e72a72cb87ab9c4b29e0

  • SHA1

    96b0d9a09722d6256a6f32340f6c1b46211dac61

  • SHA256

    af35df04391306ea1f53827b0a680ba69f279c7402a6057a6aa6984cd90ed0fb

  • SHA512

    e283bdbb51fe48bd18773337c624e81a6ca1aeb40e09a3b0cce851da0fc01b413ff784736e92f4f184a4763b6b7b1fa520674ad53bd35c0724fdb10ab1f20769

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSpA4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fc01923e273e72a72cb87ab9c4b29e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8fc01923e273e72a72cb87ab9c4b29e0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4744
    • C:\FilesZW\xoptiec.exe
      C:\FilesZW\xoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4612

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesZW\xoptiec.exe

    Filesize

    2.7MB

    MD5

    eb0e7fd9a0371c160d89c2f2b94a7d7b

    SHA1

    50f680e11157ff723d60a9e0e08bfa857d18b622

    SHA256

    50cccd1ac8a5da738821088d7adb14b81d1edde5ef9395277a12ee95191f11ef

    SHA512

    c3c52fd2a556f94514b3b7058d16efcf9037f464981c938c15fcf7a3b5ee63a19ce3f243e3631c0457d397d525504b49ef59d099be3e70bee43ecc8dbe57543e

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    200B

    MD5

    058c726e8a9ce7165eab19583e88f038

    SHA1

    2f0b713f6639eef57f62373e248109cd7008a897

    SHA256

    55bc89dbf7f6db3789e854b7a9a2ec56240bf711e339286bd7ac97e7de0af50e

    SHA512

    a7e499be06e6789567aba0e576b5a7ab9e48c434ff2ae0559119bc4246203aa6f6281fd23a59c76a7aa2e91a7ef25ce6cfeb4d65bbfab91cbf8bbcea63bc04f9

  • C:\Vid35\dobasys.exe

    Filesize

    1.1MB

    MD5

    6fe910de7bfd12f67e509257305ea4e5

    SHA1

    a33b72d6aff7fbb5096d33efa8c513f219235411

    SHA256

    83506f61c92ec934a077ab28eb1820a3d970067a9f0f289a887af424dc9691e4

    SHA512

    dfa40fc430a47016c105b01f69220d6b180706f8760096135f7b8a8976cd15be1a9c3a710c293a7b6b8803969fee9d445b72a15e4ddf9c387464c0e0bee8df16

  • C:\Vid35\dobasys.exe

    Filesize

    2.7MB

    MD5

    c808457fe1b7e70c8f6a1fd2e8c48cbc

    SHA1

    23b9e835910a734cf77a3d28814775e1fd88abbe

    SHA256

    08f04758eea38c776948a37d3ab56ba5c8cd948cbb494e1417d155abb8818b92

    SHA512

    7d65fee2a8fe18d66707f472bdf679ba3807e0139b4943aa93da1ff4066c1cf4bcabd10ec8c76ac2313cf20bff77fef45cb2fd8c276f46a2aaf696409ee479c0