Analysis

  • max time kernel
    120s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240709-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    27-07-2024 07:57

General

  • Target

    ab8c916707269105a4ab4e9086f8a4b0N.exe

  • Size

    2.7MB

  • MD5

    ab8c916707269105a4ab4e9086f8a4b0

  • SHA1

    8273d2fd32f313a0e99d50b47a5991420423c14e

  • SHA256

    fa2ef8046fdd2a42ba0affdc439e70886fe80ef99ea7983067f4046587c8005c

  • SHA512

    6e914647e89ff5e48e50587164cf4d875e04cdc758f5260fabc45eabbe869c4ad7d1ce90c3c67e807fac89279eab050961382ad7b44ff541326d0155d823b402

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSpM4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab8c916707269105a4ab4e9086f8a4b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab8c916707269105a4ab4e9086f8a4b0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4816
    • C:\IntelprocYF\aoptiec.exe
      C:\IntelprocYF\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:348

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocYF\aoptiec.exe

    Filesize

    2.7MB

    MD5

    5293a64c5be9f65c216f34da920927cb

    SHA1

    3900959e9bc06a82cda2cd90b3a2fc215afe9f55

    SHA256

    ad58c8efc01d462dc14cc6f4ebca6e86b5fa9ea2ebf5df91924522c870ec67ab

    SHA512

    3fc9712205ac1bef1dfbea6a679770cca102936684baab253576447275595cb39085c2acd7a9943eb90f436f1c6e18ac088b9ada6c182a94c3c07fe7619de7f9

  • C:\LabZDU\dobxsys.exe

    Filesize

    2.7MB

    MD5

    e5c9d8e09839969ab2a35187086fba37

    SHA1

    4a6aa928f2fa8ca1a73873d40f130a7e4fa400b9

    SHA256

    69a4b4f36932dbf8f556f0f64bd0839018b4ab7ab48ad54591503c9134e38fd1

    SHA512

    1a5fe31cc7e412dcf69c41442c01d0ad987b4485d3d48e75096706cb274f2305c64bd70308f378084342d2d0e0f2874fd0af21fd61e3ea86e19fe0716ec23957

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    6aece8b349a02cac56fb2e2e56f8cf20

    SHA1

    b269f5979fdfa0ae1820a983d0f337ae0dead183

    SHA256

    86a46c9ba23065fd2b44cca6cf47e72ae00110fb9d89857eb4f3079597dad3cb

    SHA512

    814d9b7135424eb141d4457e0a90c4e1375f4b7892637685f6876aa6140c220ccd3ae79317de5e4d27ac4eced5be6ec713adcae325f303019c0301159af91d5a
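The digests above are the report's hunt material, so an added IOC checker built from them follows. This is example code written for this page, not part of the original report or of any sandbox vendor's tooling. It embeds the MD5/SHA-1/SHA-256/SHA-512 values listed for the submitted sample and the three dropped files, hashes a candidate file with the same four algorithms, reports which entry it matches, and lets you pivot from any single hash to the path it belongs to. It also checks one convention that is only inferred from the single target name on the page (the submitted file is named after its MD5 with an "N" suffix); treat that rule as an assumption. The bytes in the usage call are constructed and match nothing; they exist only so the script runs offline.

```python
"""Hash-based IOC checker for the sandbox report above (added example)."""
import hashlib
import re
from typing import Dict, List, Optional

# Digests transcribed from the report: path -> algorithm -> hex digest.
IOCS: Dict[str, Dict[str, str]] = {
    r"C:\Users\Admin\AppData\Local\Temp\ab8c916707269105a4ab4e9086f8a4b0N.exe": {
        "md5": "ab8c916707269105a4ab4e9086f8a4b0",
        "sha1": "8273d2fd32f313a0e99d50b47a5991420423c14e",
        "sha256": "fa2ef8046fdd2a42ba0affdc439e70886fe80ef99ea7983067f4046587c8005c",
        "sha512": "6e914647e89ff5e48e50587164cf4d875e04cdc758f5260fabc45eabbe869c4ad7d1ce90c3c67e807fac89279eab050961382ad7b44ff541326d0155d823b402",
    },
    r"C:\IntelprocYF\aoptiec.exe": {
        "md5": "5293a64c5be9f65c216f34da920927cb",
        "sha1": "3900959e9bc06a82cda2cd90b3a2fc215afe9f55",
        "sha256": "ad58c8efc01d462dc14cc6f4ebca6e86b5fa9ea2ebf5df91924522c870ec67ab",
        "sha512": "3fc9712205ac1bef1dfbea6a679770cca102936684baab253576447275595cb39085c2acd7a9943eb90f436f1c6e18ac088b9ada6c182a94c3c07fe7619de7f9",
    },
    r"C:\LabZDU\dobxsys.exe": {
        "md5": "e5c9d8e09839969ab2a35187086fba37",
        "sha1": "4a6aa928f2fa8ca1a73873d40f130a7e4fa400b9",
        "sha256": "69a4b4f36932dbf8f556f0f64bd0839018b4ab7ab48ad54591503c9134e38fd1",
        "sha512": "1a5fe31cc7e412dcf69c41442c01d0ad987b4485d3d48e75096706cb274f2305c64bd70308f378084342d2d0e0f2874fd0af21fd61e3ea86e19fe0716ec23957",
    },
    r"C:\Users\Admin\253086396416_10.0_Admin.ini": {
        "md5": "6aece8b349a02cac56fb2e2e56f8cf20",
        "sha1": "b269f5979fdfa0ae1820a983d0f337ae0dead183",
        "sha256": "86a46c9ba23065fd2b44cca6cf47e72ae00110fb9d89857eb4f3079597dad3cb",
        "sha512": "814d9b7135424eb141d4457e0a90c4e1375f4b7892637685f6876aa6140c220ccd3ae79317de5e4d27ac4eced5be6ec713adcae325f303019c0301159af91d5a",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> Dict[str, str]:
    """Return the four digests the report uses, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def match_iocs(data: bytes) -> List[Dict[str, object]]:
    """Compare a file's digests against every report entry.

    Returns one record per entry with at least one matching algorithm.
    A non-empty 'mismatched' list means weak and strong hashes disagree,
    i.e. a transcription error in the table or an MD5/SHA-1 collision:
    treat that as a weak hit, not a confirmed match.
    """
    observed = digests(data)
    hits: List[Dict[str, object]] = []
    for path, expected in IOCS.items():
        matched = [a for a in ALGORITHMS if observed[a] == expected[a].lower()]
        if matched:
            mismatched = [a for a in ALGORITHMS if a not in matched]
            hits.append({"path": path, "matched": matched, "mismatched": mismatched})
    return hits


def lookup_hash(hexdigest: str) -> Optional[str]:
    """Pivot from any single digest (any case) to the report path it belongs to."""
    needle = hexdigest.strip().lower()
    for path, expected in IOCS.items():
        if needle in (v.lower() for v in expected.values()):
            return path
    return None


# Assumed convention, inferred from the one target name in the report:
# the submitted sample is called "<md5>N.exe".
_NAME_RE = re.compile(r"^([0-9a-f]{32})N\.exe$", re.IGNORECASE)


def name_matches_md5(filename: str, md5: str) -> bool:
    """True if the name follows the assumed '<md5>N.exe' convention and the
    embedded MD5 equals the given digest; False means renamed or modified."""
    m = _NAME_RE.match(filename)
    return bool(m) and m.group(1).lower() == md5.lower()


if __name__ == "__main__":
    # Constructed placeholder bytes: not malware, will not match any IOC.
    sample = b"MZ placeholder bytes for an offline run"
    print("digests:", digests(sample))
    print("matches:", match_iocs(sample))
    print("pivot:", lookup_hash("5293a64c5be9f65c216f34da920927cb"))
    print("name check:", name_matches_md5("ab8c916707269105a4ab4e9086f8a4b0N.exe",
                                          "ab8c916707269105a4ab4e9086f8a4b0"))
```

To use it on a real file, read its bytes and pass them to match_iocs; a hit with all four algorithms in "matched" is the only result worth treating as confirmed, and the SSDEEP value from the report is deliberately not included because fuzzy-hash comparison needs the ssdeep library rather than hashlib.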