Overview

overview

7

Static

static

3

9a062cf3f7...0N.exe

windows7-x64

7

9a062cf3f7...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 05:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a062cf3f7a93a8d3a510769ba852950N.exe

  • Size

    2.7MB

  • MD5

    9a062cf3f7a93a8d3a510769ba852950

  • SHA1

    a906621dd0d4d15d1a60c0953a53636f3fb345d9

  • SHA256

    ccab0921b5bb13dc4c2179e5c2471381a28985ccd333d2badd5266564f07f2d3

  • SHA512

    92495fe585a0e56ed2fe4dd1f261daa87cc1957ba3adef97382623f5859bf7d5113d9e7e66f0360d280edbbae6f94291936165eb825db769b6bc5e374c463a2b

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBw9w4Sx:+R0pI/IQlUoMPdmpSp24

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a062cf3f7a93a8d3a510769ba852950N.exe
    "C:\Users\Admin\AppData\Local\Temp\9a062cf3f7a93a8d3a510769ba852950N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\SysDrv53\devoptiloc.exe
      C:\SysDrv53\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Galax5U\optixloc.exe
    Filesize

    2.7MB

    MD5

    7581c31b9fca226c476f686b260124b7

    SHA1

    3eb152949ed9a72593f6e0192f2e4dd8a1900a6d

    SHA256

    fff9759d95522ae32ab8b4dc6d1fd4d5bd4269aea5b8b2604b7fa5fd0681b857

    SHA512

    0f512685d5b0751fdf015d91ba135e4afbcca2f62ed15633e4e26817642b085216c3a48b7ed296f8445b7a8dafbefb1532d64dfa115adf7f82cdfbba1dc1b5ea

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    209B

    MD5

    baf429684ffb5077d7c94a2a1678e63d

    SHA1

    ea09bd991870a42f27dab99adca8c97dc76bea11

    SHA256

    f7cb4018c29660d8431e082d06a022d9e5cd395c31a4eef3bada8297bb5a093f

    SHA512

    fe8812ecca34ddaff5b564551ae6691812fdf204d7879372ab492e9ae0a5df908f93e7837f9c37bfacdd5201c3df70f01e9ec3ed9b3a66ba013b06ee414adbbe

    Download Submit

  • \SysDrv53\devoptiloc.exe
    Filesize

    2.7MB

    MD5

    cf07cac9680b108f4ff30b2ba283d394

    SHA1

    4bf6dfd52a0941596e0c960fd6e8b2eaf8c45061

    SHA256

    2c52a1f1b7ffada3d0bc655c4fb029e9a028aecd5608a44b6dba26490aed7532

    SHA512

    18ed9458b9a80566959231bb3e0b661eccd5c43ac8d14164c9d17d4e719c70d2f3a1896080c815e59a82a1df179bd3db96e262a174b98b9773e3a89a3050057b

    Download Submit