Analysis

  • max time kernel
    120s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/08/2024, 21:11

General

  • Target

    c8383db3f5706977de7a1ce6f5333550N.exe

  • Size

    2.7MB

  • MD5

    c8383db3f5706977de7a1ce6f5333550

  • SHA1

    e378a19d3f86473e4661c5ae6ce463684c50de1a

  • SHA256

    480a070326b0334f505566e956008f8f6f7e23aec04584d9a6b7d0874198a77d

  • SHA512

    b18a2dcce3b05d141e4e933f02c6bf2208deffd326ebb79542292b469e401e10c97edeca698614c2ca26f91e0e22cecb83b348f0dc1dd79598423dcb572b9632

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBd9w4Sx:+R0pI/IQlUoMPdmpSpV4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8383db3f5706977de7a1ce6f5333550N.exe
    "C:\Users\Admin\AppData\Local\Temp\c8383db3f5706977de7a1ce6f5333550N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\Files5A\devoptiloc.exe
      C:\Files5A\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:32

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Files5A\devoptiloc.exe

    Filesize

    2.7MB

    MD5

    e1dffbeb37d24e06028c28489053f869

    SHA1

    fcea9ca416ede1d4ef17bc09950966c96d33a82f

    SHA256

    91cd0377d1475b73fba9b9353b95a20cc41d581c917e36e062c9185904913771

    SHA512

    23202b60f660bbe82cc423c4a0f49776a90cab0245b107b2ac4860c4b3e5abc39439c9f0b570b32254c10023096d14e7ab17e41661a3c99d3f05ea49df1419d2

  • C:\LabZC8\boddevec.exe

    Filesize

    2.7MB

    MD5

    de6640152ff29ea599762a337fbed908

    SHA1

    d54941f38ee465ecc4af503f7963714d2fdc30d3

    SHA256

    922b21db3851da7e794704d1a6f35570cbb7d435d609cf1562b85d43fae3d4bd

    SHA512

    e2822f12dbf29c09599570f10e0c9b34bfafd2914d72e20db7edf227a6e2eeeede65adcd0314cf6e08425232c689abbc198bb33dd3398dbd91c520235efe855f

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    079921c6bb2762555649194c18906e97

    SHA1

    894c407f9a16b9409cb2049db88532d1086d7359

    SHA256

    5dd65648b112db9977a7a0c3c1571f3eaf4c9f89f2e038872c1a13af21f6c258

    SHA512

    0264d825328ea9290ffcab70e162012d6d2ac7de0ea0729cb26eab131f92b4f99f12d325e1e32884c6a18896ae5775611be5f5cb74a5b7d64e6686099c0a360d