Analysis

  • max time kernel
    119s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/08/2024, 19:45

General

  • Target

    c99b68f8dce3b1b6bba1777a65a2c780N.exe

  • Size

    2.7MB

  • MD5

    c99b68f8dce3b1b6bba1777a65a2c780

  • SHA1

    124bb13218ae9f0cb98e9aebb9dda131c2d44c90

  • SHA256

    49504683848583fef250dda790eb1d24ff0d6e2ccb5a6b5bb42811c266dea36b

  • SHA512

    5379b0dc66817853e4e532e8322cccd5ede85726ffb5b0efb5791170fe0559d3238ca806a67437dd1687e406f04abe83c81c696090e8fb69dc56e59060171458

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBs9w4S+:+R0pI/IQlUoMPdmpSpe4X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c99b68f8dce3b1b6bba1777a65a2c780N.exe
    "C:\Users\Admin\AppData\Local\Temp\c99b68f8dce3b1b6bba1777a65a2c780N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\UserDotJM\devdobsys.exe
      C:\UserDotJM\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2952

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\GalaxK1\optixsys.exe

          Filesize

          49KB

          MD5

          1bd0fdd46036d0b1b040af66555e64c3

          SHA1

          6e118151c7ba968fcbb55b7ace9210cf4c6fffaf

          SHA256

          f77f7ec707d73cabefab8f5091fa6a44c1f283a5e828abe60b6ae8b14280115b

          SHA512

          24bc69bfedc2be22da461a33616e8bcb8d9c3d04c896088a684dee9ac24db60f27ea0fbaf11be0ba7923669db815e7bad95c014979e62b151409f020045bc175

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          208B

          MD5

          55d6c05f28df534676325d9dede6aa27

          SHA1

          e3f7ba91be149a37c451e7d1b0a9fe36047e2e7d

          SHA256

          4af748c782ef83748c925677725d81b9226039d0030c1578be3092a3be18e75e

          SHA512

          d486b27de48b99cd42d9dbab5c92f25bbb51f75c2eaebecf6f1a5b090db575099583f662b5e1aab6577685dc8be1230fb80214791c8873a70e53c51c84737352

        • \UserDotJM\devdobsys.exe

          Filesize

          2.7MB

          MD5

          8e92feb7224d0f657193afe4550f8bcd

          SHA1

          7a76ccb8200009a45d9770bb1a0b7aeb6390ac66

          SHA256

          870359212170b664c355c7410a737736de6e8283b59573272542b0c88189d80f

          SHA512

          b5685b9ad0072e5230de825f9b79f32e86023a233b4cdf42d3fad55f68bc8d2684b281fa72756842db5cc14dbf71c5b23e592cd2fc2b2fe45bc90eed6d197460