Overview

overview

7

Static

static

3

4031416a61...eb.exe

windows7-x64

7

4031416a61...eb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06/08/2024, 20:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4031416a612266c0263d900af3962a97f3db8e3e277492f02dfa8682513ee1eb.exe

  • Size

    2.7MB

  • MD5

    ce51473c0a5e8acd65b13fd4f52511ab

  • SHA1

    4198202b99a194edd55a7d01a966e6779e788e01

  • SHA256

    4031416a612266c0263d900af3962a97f3db8e3e277492f02dfa8682513ee1eb

  • SHA512

    920a68d2d1b0efb87b74349f16bd25cd594e13c191d7314459799a1351597245d27f6e60604a5109d509f88e72b74ee9f9c46fece5ea3d840f4536eb9d4b95d1

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB99w4Sx:+R0pI/IQlUoMPdmpSp54

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4031416a612266c0263d900af3962a97f3db8e3e277492f02dfa8682513ee1eb.exe
    "C:\Users\Admin\AppData\Local\Temp\4031416a612266c0263d900af3962a97f3db8e3e277492f02dfa8682513ee1eb.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\FilesZU\abodloc.exe
      C:\FilesZU\abodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:112

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Mint6X\optiasys.exe
    Filesize

    2.7MB

    MD5

    442d254ddba1833cc744f9d9d729450d

    SHA1

    0e09af146694a35f0a714e28081b59c9d592f60f

    SHA256

    5496b96ca7f0fbff3b4cd3c24424a508b26c3177554dd731ef75a476c3556f00

    SHA512

    400cd2b9ac13434666e4ef276371a96d8d7e6ab2e4180ea238c06036c25521cd175d09917eeca68437d8ba0fa6988947a9064af9ce6c43c5ab8e54fbe3467b42

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    204B

    MD5

    32f2c43858821e7c48de997689a61ef9

    SHA1

    102a64d27e63347f96c37a699272dcdb6f632e78

    SHA256

    eba4b7beb243fdb5dfa692d28f82fe4c36d2570e3ce25c845efe54438b1f9c24

    SHA512

    6d0f69540c63112a6918cbdaee66cb985db92588980e0c7b9bff422d47c9e1df0372d9bd2ded56e139675289ae08760ded240ef6e68a0891165ead27f28f8b5a

    Download Submit

  • \FilesZU\abodloc.exe
    Filesize

    2.7MB

    MD5

    9329b80a2fb05571de2f7fecf6711529

    SHA1

    1515377f0b6143843cd2fe586e68501b7fb42d67

    SHA256

    1cb711d27d0e1d92e5691ac2295e99d214356fb5af3f494fceb7388553bd31a1

    SHA512

    2c4629ac8b3bff239be434feedbd167456b94656c6e430324b54441a04311e3d188ba7bd8200d0b442b62c21d9581cccaa603410e63600236d3f2d9fb871960b

    Download Submit