Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-08-2024 21:11

General

  • Target

    c8383db3f5706977de7a1ce6f5333550N.exe

  • Size

    2.7MB

  • MD5

    c8383db3f5706977de7a1ce6f5333550

  • SHA1

    e378a19d3f86473e4661c5ae6ce463684c50de1a

  • SHA256

    480a070326b0334f505566e956008f8f6f7e23aec04584d9a6b7d0874198a77d

  • SHA512

    b18a2dcce3b05d141e4e933f02c6bf2208deffd326ebb79542292b469e401e10c97edeca698614c2ca26f91e0e22cecb83b348f0dc1dd79598423dcb572b9632

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBd9w4Sx:+R0pI/IQlUoMPdmpSpV4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim host in order to infer that host's geographical location.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8383db3f5706977de7a1ce6f5333550N.exe
    "C:\Users\Admin\AppData\Local\Temp\c8383db3f5706977de7a1ce6f5333550N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\UserDotJB\devbodsys.exe
      C:\UserDotJB\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2736

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxX3\optixloc.exe

    Filesize

    2.7MB

    MD5

    f9118aa7d0ec17931b6002e15fbae146

    SHA1

    c0071356bbdeab392ce22281c670a1befaae945d

    SHA256

    3e2eca327b81767d2cf9ecc91b1ec888189c1fc15add6c60daf4374ccc2da13a

    SHA512

    c005123e558395a7081f35864bd128732590bc5b313c2be931c7dbe157e258c3d88988a6973a844773b357ec9927e09b84a3c36fbf2c20ea3fbaabc0287390c2

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    208B

    MD5

    cb1c2f33fae0056c5e892b5e05dba240

    SHA1

    89d6caed87a911abf150de30d74b78f68150b3ac

    SHA256

    425cb22ee906e0f6326dcc05c9a8664595e87215f0340ee10263ba4fc3480414

    SHA512

    2d12e298d3e52c74d50f07da1fef904b210df3e6f900427590b11f15e6d279a543e135376abf5e7527ebc13c3c896aeca3e0ec48d3d6bff5795001659c294e05

  • \UserDotJB\devbodsys.exe

    Filesize

    2.7MB

    MD5

    0089b9d7f694c2cf3592d6888d171ee0

    SHA1

    3fcf12d173c5e09c2934275b8f76c2964f6809e1

    SHA256

    2c03cfd5533cea5d91d164490d4185a4722a946d652c1362fc0a18a4bfc43405

    SHA512

    ae9bcdba87da91f178499cb1368dd7baee1f9d90658ebe3e268184e39a487c7689d9f9fe8f0d7d78326d02d1ac9b25c995ac2a1df3128e3af4b0ca6113f0cddf