Analysis

  • max time kernel
    119s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-08-2024 19:34

General

  • Target

    dd30e0feeb5acb0763ad4d2db3df8000N.exe

  • Size

    3.1MB

  • MD5

    dd30e0feeb5acb0763ad4d2db3df8000

  • SHA1

    05805e6cd559f767cc932171720b37efc7c15df2

  • SHA256

    1e7b7a115a3537640c95fcbbe239c0b43c991144bf41867e487ace1fbafcebd3

  • SHA512

    713330ba87cc364db2eb4ef8a3376e49ce30e869618f9b3de790ccf788d8a6cc946fb2bc7bc60b56554df511dfc1211bd2d7a737cf003aee50d2456197414931

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB/9w4Su+LNfej:+R0pI/IQlUoMPdmpSpL4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd30e0feeb5acb0763ad4d2db3df8000N.exe
    "C:\Users\Admin\AppData\Local\Temp\dd30e0feeb5acb0763ad4d2db3df8000N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1220
    • C:\UserDotXZ\aoptisys.exe
      C:\UserDotXZ\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1596

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZN2\bodxsys.exe

    Filesize

    1.3MB

    MD5

    39ae478e12a6da9374114c132682ea8d

    SHA1

    204754f87920abeee666de75463cce362b7e8319

    SHA256

    4dc6bd368ce8733decda17fd4dd578d40e9c212a1e5f180229e75c9044001b6f

    SHA512

    fc2268bb006f94d53b4b0d5c202c8eb52e080db4850d05adfb02090cf80dbfd378e642b1714dddc101263741844d052d7ca7aa8c6a20714f3ddaee1601f68fdf

  • C:\UserDotXZ\aoptisys.exe

    Filesize

    3.1MB

    MD5

    5b5acbfaba463176237b50c1e69bd8b5

    SHA1

    5d9f56c61bd18f212f8340e72019bf6568eebdfd

    SHA256

    9c530a689dc9c7177243258fc52452bd142e08e6af39abf395770c7de6309575

    SHA512

    d9ad72b00d2d933508665626426561fe8bf1c52aa79fde29fffe0cab40be8cb2857cd596e10e0bb1118db1832a7420f1e8fda4011c16a5849a0f118918ced4b4

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    206B

    MD5

    77264d9d687b0cf824daeb1cecbf7593

    SHA1

    4a67ffe6284fbcfaf5d4ab26d592ae8c500997d5

    SHA256

    58db858638eb0368647c82c7b271b4f7618b43ebbfce2f190b631a2a92a0dca6

    SHA512

    b468f77587a71057b1f7a3273e17421dee7e2927f9b3cd01ad73b02efa44f032ca345ea01aa55c209394e57c05a081569a3b816cca8c9c864faa005a1c0a65b0