Analysis

  • max time kernel: 149s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20240704-en
  • resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted: 09/08/2024, 19:56

General

  • Target: 2d4d3278cda518d1150747c2402933ff5d687a9fc2809b9c13d7b3973bbaab9e.exe
  • Size: 2.7MB
  • MD5: 3948c5a63c978e7f9b520b8bbc38578c
  • SHA1: 6e90d3bed4bed7a27a799a07008b3cd5da5b64d0
  • SHA256: 2d4d3278cda518d1150747c2402933ff5d687a9fc2809b9c13d7b3973bbaab9e
  • SHA512: c97a63dd37c64d2105c7cff30bf397cd8fe12a9bd180fa02a1c091a27da5da4edbba5a298d044ed81c05f66114204f00eed8eae03bc8b384d9fca9f1747c0a69
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBs9w4S+:+R0pI/IQlUoMPdmpSp+4X

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d4d3278cda518d1150747c2402933ff5d687a9fc2809b9c13d7b3973bbaab9e.exe
    "C:\Users\Admin\AppData\Local\Temp\2d4d3278cda518d1150747c2402933ff5d687a9fc2809b9c13d7b3973bbaab9e.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\IntelprocIO\xdobloc.exe
      C:\IntelprocIO\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2904

Downloads

  • C:\LabZ13\optidevloc.exe
    Filesize: 2.7MB
    MD5: 4daa27494d14fb84c6ab7b20e78f710b
    SHA1: 17611db80e6a5a3280b93775b9f611cd4f726553
    SHA256: 5e02be35934c3f2ab78a3142a7414925c29f2c9955a80c60fe5489c72428d9bf
    SHA512: 5c096a17a48bac0ae43f2e1d43de9f9fa7fc46152c16343d2fd2be6cc8d9f93005dba7b3a34850eb9d7d82d55a8f9e0b6fb610fbb0d1e03ed80aeb52db2ce74e

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 209B
    MD5: a243952741fdbb28299fe308e810408f
    SHA1: 6ca9c0a70e7e34ff747ef0709f4018928993df9b
    SHA256: 982d30ea370a95592430cad834bd08024b4c259afed5bd4eaf9e5795fa833d5e
    SHA512: 768933b8987f4f41c39866d84bbe10b14d75a4cb146925b8801968132436478a3981c14d62e955784a82d4ade6f7d02a3d9346136a9ab9490cb042abadbac29b

  • \IntelprocIO\xdobloc.exe
    Filesize: 2.7MB
    MD5: 147c35f93b223ba0bf6721001abf5317
    SHA1: 4e2efc87c0c077e1ac0c29c7a460e49631de5155
    SHA256: 400ac990eaa8dea74b48e41af863367d6201e00d9a8f6c35d37873a119bb9720
    SHA512: e5fac6e5e7b02c922d7dfb272a0ee45f56acd3352b203e591aa473204b7dd63d07dbfb3cde3f027a1867d7d92cb2df7e27d1ebbc05636f80328ee82c0d0e7ba7