Overview

overview

7

Static

static

3

dd30e0feeb...0N.exe

windows7-x64

7

dd30e0feeb...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    06-08-2024 19:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dd30e0feeb5acb0763ad4d2db3df8000N.exe

  • Size

    3.1MB

  • MD5

    dd30e0feeb5acb0763ad4d2db3df8000

  • SHA1

    05805e6cd559f767cc932171720b37efc7c15df2

  • SHA256

    1e7b7a115a3537640c95fcbbe239c0b43c991144bf41867e487ace1fbafcebd3

  • SHA512

    713330ba87cc364db2eb4ef8a3376e49ce30e869618f9b3de790ccf788d8a6cc946fb2bc7bc60b56554df511dfc1211bd2d7a737cf003aee50d2456197414931

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB/9w4Su+LNfej:+R0pI/IQlUoMPdmpSpL4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd30e0feeb5acb0763ad4d2db3df8000N.exe
    "C:\Users\Admin\AppData\Local\Temp\dd30e0feeb5acb0763ad4d2db3df8000N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\AdobeZG\aoptiloc.exe
      C:\AdobeZG\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZWA\bodaec.exe
    Filesize

    3.1MB

    MD5

    e14ca13a2a62e47ac409bcd61e953b17

    SHA1

    82d85fe33c0297c6ae1471999aeafb7551f200a5

    SHA256

    87509074dbeccd08044ef7060aaa7bf8fd25e1d4d7814726e243d4f07f1089ed

    SHA512

    cafd87acd088c56f20c7ca2f0c6aaeb5149ead38109c8008bd6f3491245cf1c441cf23ab11847406ab1aeb1120c092ebd23f78fb2859a260901deebf5117c2ca

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    201B

    MD5

    cc8f5c7895dec3df882735a6c1ff1f7f

    SHA1

    37e9905fd6d706464b6fff8a2d736534d7e78829

    SHA256

    54478fafe9a0acd2ab699a17cf994911326b08fbf939d828c27b655f445780cb

    SHA512

    9358e19243e82954ec659b26a3a5f13f7fc9150217126f487f0dda24dd1987f15a0b5df469bc48707612c7d9a3662fb611264d76e5df7ed1ccfaafb4895c8fc8

    Download Submit

  • \AdobeZG\aoptiloc.exe
    Filesize

    3.1MB

    MD5

    e8b60e6ca35ead692784cc7e9c5d86d7

    SHA1

    f9dd9d3b055fe1d5ef6a7687775f9e98fa2267fc

    SHA256

    515253c380b562028c44cba0c3c2a822920c371477336768c7859b6adbb781ca

    SHA512

    5e8263733c96f6aa3da0b2be3ec8d50db562f0658ac6bb7788045dbe76bc16ea76c3ba9dd3187e4e4cb382d380cac0e8b535d5d2b89cb8142d51c0846290a2e1

    Download Submit