Overview

overview

7

Static

static

3

0518c8090d...0N.exe

windows7-x64

7

0518c8090d...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    01-08-2024 21:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0518c8090da274cda5250678563f4ef0N.exe

  • Size

    525KB

  • MD5

    0518c8090da274cda5250678563f4ef0

  • SHA1

    7b97920fd8e63ade1f82ce5173676d8592d82720

  • SHA256

    35ccc0a47617038ed4b6ce00af3df7ee0608b16f08b2c4f1395c156ccc45330d

  • SHA512

    1eff0ea17ecb1a9a9a60a803cceb7af16f7c4f9c12d856464bfccbc3d78dceb0ac473eae8316629c9db40a05d152c33d248a3c293d3d569c975de7aa8e2311cb

  • SSDEEP

    12288:71/aGLDCMNpNAkoSzZWD8ayX2MQCw7D0ditvWvb6o3mBWO+X+Ta2oavlc/BYbQ69:71/aGLDCM4D8ayGMpiRWvb6oi+Vw

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0518c8090da274cda5250678563f4ef0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0518c8090da274cda5250678563f4ef0N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:332
    • C:\ProgramData\wdgsh.exe
      "C:\ProgramData\wdgsh.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    525KB

    MD5

    7f4aeff5ace004439d0a6d6967e2438b

    SHA1

    ed3f1eebbc3dad2fd04c2de787201dd8a11b6dfe

    SHA256

    71f652d10e658a12ba258e5c7837fd7540c10cb77f1818c65efcf7771719beb3

    SHA512

    014f3dcc60239b037ef970683c6c26b6b9907f3bfe23f87343642654b74c3e06ea21a8bc3122fef063849a0e07fbfee925e6cdda57b50c0fa7d2fbd2f2792a34

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    269KB

    MD5

    d882647ae95e92c82bd66478d7043df3

    SHA1

    52f1b2c5ff9fe97ade8a034c1df965b21b6f2008

    SHA256

    93ba5be8e47ad44f8d31ff6b142e6c21de473b5c725e8b798279f8b0f31d4232

    SHA512

    ec1416cd7b9d251d6c687c87d3626a4b1879debd50d69050a8be6f01475d53f022919aa1a0cb56e14bd6eae316259c2681eb5bc9ad0e01ed909d9aba0a52dce2

    Download Submit

  • \ProgramData\wdgsh.exe
    Filesize

    255KB

    MD5

    e95693ab3c7d0de5b143fde69b7afa5b

    SHA1

    65f9a50cf6b9b906c671d9e1b7746ed0622ac726

    SHA256

    3892191a3e908ac2754cfd0c6cca3c3ce89b9f21e6745fe5226208b19cf536e4

    SHA512

    226c78bc98e9d30ef790a33b7f846c5bd7b54ef1cadbe6165b83b4b1bf4e50e279469f62b35c23f68d280be19a478481a4ed83aa0ef24b9eade5e8c479ee083f

    Download Submit

  • memory/332-0-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/332-14-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2232-133-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download