Overview

overview

7

Static

static

3

97f112cc5d...0N.exe

windows7-x64

7

97f112cc5d...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14-08-2024 01:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97f112cc5d44dfd8315caf9d34e605b0N.exe

  • Size

    2.7MB

  • MD5

    97f112cc5d44dfd8315caf9d34e605b0

  • SHA1

    f35f30a9e4892e7157bfa4fc3bb7821dd1c48aa6

  • SHA256

    05e3723bdad6d29aac61b6682079c21ca582a56635aa8cb9afe2dd559aab8031

  • SHA512

    ea3d3493beaee206c254917fc85214750f3b64bd909588e1d02529a25d587cacf92b4e3c54f1efc545f2bf99c1cd0103ea0b1d71ca6720f225a8877067da422d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBt9w4S+:+R0pI/IQlUoMPdmpSpl4X

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\97f112cc5d44dfd8315caf9d34e605b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\97f112cc5d44dfd8315caf9d34e605b0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\FilesCQ\abodloc.exe
      C:\FilesCQ\abodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxNH\optidevloc.exe
    Filesize

    2.7MB

    MD5

    e3c59dbd575484e8f31630c3be4c3bd4

    SHA1

    4e895f91ef1f87c78167053e313aff3c47031973

    SHA256

    0b60b1f57507d51a07c892515018f267bd0f1e744dca33d576b3ba141e07259c

    SHA512

    e7051f6f41272be0d35b745d8fd5417527611f2fac73275e2c14d0489ab95ada9e2de849d2817ed71229b84deca48224369c1747c6e7eb23b872cea3617ddbbb

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    192B

    MD5

    255f8b017db99a023f0c5b8a830433cd

    SHA1

    e1a1f040d63e0bd4cbfa31a6d910ac147a4b4ebe

    SHA256

    a23e2879ae5c81e7a18e8d6fb7b94914c339f0bd17d632ee2d793beb9b280532

    SHA512

    acf47cef0b160eb6afb58c4d22ce2a76eab43b24bf4aec76941556d1d2a4d0222c1c20332bbfc7670c46204a8f309ed682796df3d630bfe215839908cfe4acc1

    Download Submit

  • \FilesCQ\abodloc.exe
    Filesize

    2.7MB

    MD5

    9827de7ce2531194509d32e623f0a55e

    SHA1

    5bba1405a5d6a3e2453ffb3af933ece1e6119096

    SHA256

    1cec0193461da9b6548a3b5cfc5f8aa3ade53fc9634432bdf2ac0005aa3dac7b

    SHA512

    f51077b446d2ae800b15955ada5493e974063b23302eb7696c413a2a4f19891f7e5a859fc962a2984565bd636a54d5e77b35a6ef01f918381625e48454d8bc2d

    Download Submit