Analysis

  • max time kernel: 120s
  • max time network: 19s
  • platform: windows7_x64
  • resource: win7-20240704-en
  • resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted: 06/08/2024, 15:13

General

  • Target: c3124bc0d9c447bc02c2df6748c3ed50N.exe
  • Size: 2.7MB
  • MD5: c3124bc0d9c447bc02c2df6748c3ed50
  • SHA1: 40059151e3f7aee3a4c41b5de91478ab7962865b
  • SHA256: 9483395a1336e3a737fa26fc9bc314708adaf935c75d59f01f19289c57a33c78
  • SHA512: 2705ce468f03db0bb52283315460af527e4adaff27894c97b5f498ff8625139a8d9676a86557bebb8a068d5aa6f819d5b06e40e0f170d01509d6bc9c18ee4cbe
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB/9w4S+:+R0pI/IQlUoMPdmpSpz4X

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3124bc0d9c447bc02c2df6748c3ed50N.exe
    "C:\Users\Admin\AppData\Local\Temp\c3124bc0d9c447bc02c2df6748c3ed50N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\IntelprocXM\devdobloc.exe
      C:\IntelprocXM\devdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2728

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 210B
    MD5: 2b679f378c60140ab894845ef5b93b33
    SHA1: 340646f7ce3e77849265e60eece80106d5adebb8
    SHA256: 62b2a96d5938e2a30b0deb1c639e9faba7520ee92749825e15a18f94e39b8a82
    SHA512: 657422ab01d11ba536f954a39a6d7901c6dff20e3a6ceac5bc7eee7034faac2addc6f6f68ee2bbec8a0d5b9bf34b31ca2a9e7a0e11ae05e45e7916c251ff8cc8

  • C:\VidTA\optidevsys.exe
    Filesize: 2.7MB
    MD5: fa554cb00f06f25b231f237d7208654c
    SHA1: e3a86f7739c62a6a0423022d09158769fbb767ac
    SHA256: 922377b22711d84aa8a5baef2d96f91f8bbb5668ea5e5a361c18f77ed7f4be63
    SHA512: 0aaf4f1252a21f334c4599bfe7594c82d8a8d34f32e7b14a0e2be758967027e44e4163bb3eebb53e718f16de18fdc914ce5565894f6a9c53f974c3ac0449e8a6

  • \IntelprocXM\devdobloc.exe
    Filesize: 2.7MB
    MD5: 2ba44e1d930a73f043d2e66b4d71c4ed
    SHA1: 4479c7baa02cbe4f38d6fa5e8e5c507bd084346a
    SHA256: ef89f54e3233654f9223dc3b49954bd33986ac4a865885cced624d3bd7c82cff
    SHA512: e871404011b8d80219dad96e9e1f0ae9db47a531445e88db550df7817f8370e8341af471d2d71054bf7d86ed068ecf917dd266284fa10a46881a6a031404d8a4