Analysis

  • max time kernel
    149s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64  arch:x86  image:win7-20240705-en  locale:en-us  os:windows7-x64  system
  • submitted
    13/08/2024, 21:09

General

  • Target

    64a5f96a773a0d74fd96e998940461c79c91a2f28ed682bd6c8eee0d23b67045.exe

  • Size

    3.1MB

  • MD5

    aa4b522297740d95743a09d25bf01943

  • SHA1

    502598eb7f0ac3f03052ff7e898a371fbc51eb0c

  • SHA256

    64a5f96a773a0d74fd96e998940461c79c91a2f28ed682bd6c8eee0d23b67045

  • SHA512

    fdfe10b31b3872be695e4abc35fa7b70497a278caf50600965ef0da236c7b9f11745ac50a5720131edf8033ebf5aeccdc7a6180f8e3204baae1b661320c5fe9d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBz9w4Su+LNfej:+R0pI/IQlUoMPdmpSpD4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64a5f96a773a0d74fd96e998940461c79c91a2f28ed682bd6c8eee0d23b67045.exe
    "C:\Users\Admin\AppData\Local\Temp\64a5f96a773a0d74fd96e998940461c79c91a2f28ed682bd6c8eee0d23b67045.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:860
    • C:\UserDot0K\devbodsys.exe
      C:\UserDot0K\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2272

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\MintCW\optidevsys.exe

          Filesize

          57KB

          MD5

          efa7840f47667a3117f6749564f4d0d8

          SHA1

          2f9ea952ace2ac73f5c435c29ca0715ab2c23caa

          SHA256

          c54ee0cb686a1f8e5f115f5961fe42bb099cc5b8d0e731655018857f5a5a2bd8

          SHA512

          054a0387d515691aa053f683177337a372c3d76c814dbf1b746fbd5644f32429c3df0f0dc13de38793133df5e15f1f97f3a0ae354765acf16ed3e5cb44066b11

        • C:\MintCW\optidevsys.exe

          Filesize

          3.1MB

          MD5

          f6e502acca4ec54e14a9946051731704

          SHA1

          e15520ea8ad01d13e0a0b3d3b71ee61cfe05a66d

          SHA256

          3c2e8ac0f81d2156df76f7c2d47287b234ebc44ebee0bdfe583ccb641fc49ab4

          SHA512

          f153f9ce7e375f751db9db7198d02193a3e7fbcdaa20467351e1b16c41d07a64d4e4e34326f1a546234564ecf997bca52b24cb17ba939cddbcf5e4b4d2be919d

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          210B

          MD5

          9fb08a8498984c6c1dfce18c989f0818

          SHA1

          ce3987972c05f4cb6bab3413469a8c57b10d2b94

          SHA256

          11c18e77afffc05d1664b5005a4035c81bcbb29b4789862ac2253cee58d06ed0

          SHA512

          ca111f9e43fb4dc49106390883c9f28e503cbb4e14e63fd9f70738291e632517a6bfacbd6d7a0815f2c06a43f806669a65ff3bd1a7e67a3c0251e0b41a9a5506

        • \UserDot0K\devbodsys.exe

          Filesize

          3.1MB

          MD5

          0ad7270237e37026d75da9912786483a

          SHA1

          c67bf4fc0b5498d7335cc976ab540d89600f2ed5

          SHA256

          2e2074277cf471326893ea6233697470f1c690f86355e02a6ab0c42fe6bd8b00

          SHA512

          f84b328b47a7bc322ca4b6f07fe61e7495226abac75122fc3d4d6f63f4a47f33a5c33e5264aa120e3bfe2e414cf05e453ea6f8c9191c8209fa1578676617b481
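
The script below is an added example and is not part of the sandbox report. It hunts a directory tree for the artifacts listed above by SHA256 or MD5 (digests copied from this report) and, as a weaker secondary signal, by the dropped file and directory names (devbodsys.exe, optidevsys.exe, UserDot0K, MintCW). Note that C:\MintCW\optidevsys.exe is listed twice with different sizes and hashes, so the path was written more than once during the run and both digests are included. The files written by demo() are constructed placeholders, not the real binaries, so only the name and directory rules fire there. The report does not show the Run key value or its target, so registry persistence is not checked here.

```python
"""Hash- and name-based hunt for the artifacts in the sandbox report above.

Added example, not part of the report. Digests are copied from the report;
the scanned directory in demo() is constructed and holds placeholder bytes.
"""
import hashlib
import tempfile
from pathlib import Path

# SHA256 values from the report: submitted sample plus the dropped files.
SHA256_IOCS = {
    "64a5f96a773a0d74fd96e998940461c79c91a2f28ed682bd6c8eee0d23b67045": "submitted sample",
    "c54ee0cb686a1f8e5f115f5961fe42bb099cc5b8d0e731655018857f5a5a2bd8": r"C:\MintCW\optidevsys.exe (57KB write)",
    "3c2e8ac0f81d2156df76f7c2d47287b234ebc44ebee0bdfe583ccb641fc49ab4": r"C:\MintCW\optidevsys.exe (3.1MB write)",
    "11c18e77afffc05d1664b5005a4035c81bcbb29b4789862ac2253cee58d06ed0": r"C:\Users\Admin\253086396416_6.1_Admin.ini",
    "2e2074277cf471326893ea6233697470f1c690f86355e02a6ab0c42fe6bd8b00": r"\UserDot0K\devbodsys.exe",
}

# MD5 values for the same entries, for feeds or tools that only carry MD5.
MD5_IOCS = {
    "aa4b522297740d95743a09d25bf01943": "submitted sample",
    "efa7840f47667a3117f6749564f4d0d8": r"C:\MintCW\optidevsys.exe (57KB write)",
    "f6e502acca4ec54e14a9946051731704": r"C:\MintCW\optidevsys.exe (3.1MB write)",
    "9fb08a8498984c6c1dfce18c989f0818": r"C:\Users\Admin\253086396416_6.1_Admin.ini",
    "0ad7270237e37026d75da9912786483a": r"\UserDot0K\devbodsys.exe",
}

# Names the sample created. Weaker than a hash match (a repacked build will
# have new digests but often keeps these), so they are reported separately.
DROPPED_NAMES = {"devbodsys.exe", "optidevsys.exe"}
DROPPED_DIRS = {"userdot0k", "mintcw"}


def _digest(chunks):
    """Feed an iterable of byte chunks through md5/sha1/sha256 in one pass."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    for chunk in chunks:
        md5.update(chunk)
        sha1.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def hash_bytes(data):
    """Digests of an in-memory buffer (used by the tests)."""
    return _digest([data])


def hash_file(path):
    """Digests of a file on disk, read in 1 MiB chunks so large files are fine."""
    with open(path, "rb") as fh:
        return _digest(iter(lambda: fh.read(1 << 20), b""))


def classify(path, digests):
    """Return a list of (reason, detail) hits for one file; empty if clean."""
    hits = []
    label = SHA256_IOCS.get(digests["sha256"]) or MD5_IOCS.get(digests["md5"])
    if label:
        hits.append(("hash", label))
    p = Path(path)
    if p.name.lower() in DROPPED_NAMES:
        hits.append(("name", p.name))
    bad_dir = next((part for part in p.parts if part.lower() in DROPPED_DIRS), None)
    if bad_dir:
        hits.append(("dir", bad_dir))
    return hits


def scan(root):
    """Walk root recursively; return {path: hits} for files with at least one hit."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = classify(path, hash_file(path))
            if hits:
                results[str(path)] = hits
    return results


def demo():
    """Build a constructed tree mimicking the drop locations and scan it.

    The bytes are placeholders (constructed), not the real dropped binaries,
    so the hash rule cannot fire here; name/dir rules still flag the files.
    Returns paths relative to the temp root for stable output.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "UserDot0K").mkdir()
        (root / "UserDot0K" / "devbodsys.exe").write_bytes(b"MZ constructed placeholder 1")
        (root / "MintCW").mkdir()
        (root / "MintCW" / "optidevsys.exe").write_bytes(b"MZ constructed placeholder 2")
        (root / "benign.txt").write_text("nothing to see here")
        return {Path(k).relative_to(root).as_posix(): v for k, v in scan(root).items()}


if __name__ == "__main__":
    for rel_path, hits in demo().items():
        print(rel_path, hits)
```

Point scan() at a mounted image or a collected triage directory; a "hash" hit is a confirmed match against this report, while "name" or "dir" hits only justify pulling the file for a closer look.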