Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/08/2024, 17:01

General

  • Target

    bcc3d5db4ece25bd7e6442543a2b10a0N.exe

  • Size

    2.7MB

  • MD5

    bcc3d5db4ece25bd7e6442543a2b10a0

  • SHA1

    df228728178d20dcdf79e0dfd52312dfec8decdb

  • SHA256

    418a716f1e880285370271f52bcee4ee7db2841b424e49762ec7d85eab1df84f

  • SHA512

    354e2bf2642c8851115ef6f28e6ee467c5865df621d08c620b94242308fc863b8f7c6d283d64cb36dcf75b1ca6d81167867076b217da578ba89dbe60e0725f8b

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBs9w4Sx:+R0pI/IQlUoMPdmpSp+4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bcc3d5db4ece25bd7e6442543a2b10a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\bcc3d5db4ece25bd7e6442543a2b10a0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\UserDotY4\devbodec.exe
      C:\UserDotY4\devbodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2248

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxE2\dobdevsys.exe

    Filesize

    2.7MB

    MD5

    1d0371b0021fc2db3959af3c487bd88a

    SHA1

    efbbaa02ba21452f7d293eb96aa6f3b9ca4f5831

    SHA256

    fc135287f881977a3e94733255c9018109febbcb3e5033a7ba807527d775a8c3

    SHA512

    e6968000a906a8325a5937fe5f4a65507b31008ca5f8f327842180fb86ffc496ef492cd3930942bfb2e61cac0d256271ea9b3c1ec9996c8d3bb239efacf4a40f

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    207B

    MD5

    dd0cc20ddf6cf56830f5bf1d249051bf

    SHA1

    19eece1cd211bd59617dcfbf6f137319ef43e5bf

    SHA256

    cd0738ec4575ffd18c06e38e79f227d33409054f635f40bb7d5ac94a6972e15c

    SHA512

    bf78477240ea37511a9210a6b29b8d5396b4591678a50185de7a4e9514d14ed1f807f31d0449a2b615c92070e5e7da2ca408052ade08cb8e9fc4ecf53cff57df

  • \UserDotY4\devbodec.exe

    Filesize

    2.7MB

    MD5

    5fabf62322069efedac13bf935c1ddfa

    SHA1

    faf236548d6438ea7940da6b30d5fd2baaa5b761

    SHA256

    6d7f0cacfab826a45124eb7cb48ce359c487853867300d57473397224ad783a8

    SHA512

    982e30c500bb6534274f4d13e4717c9bef4191df3402af17deb4b9ef71bccb263516d8dc03f72849a67c3fbe75682ebe27fd4abd2b133268e34bbab2aaa394a2