Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/08/2024, 22:27

General

  • Target

    d7b9830bc9a120d73664518011253240N.exe

  • Size

    2.7MB

  • MD5

    d7b9830bc9a120d73664518011253240

  • SHA1

    523c92dfa4a68172d05caee3a8c67f8f3a810c5e

  • SHA256

    33a3b8177d40416cff50e2c6b822bb9c3aaac50f060860d117004e8bc85f1d25

  • SHA512

    d2db3c4c341b6199adab7de2a709642ccde9a8677434c5167e8b83d792a646c7ca74e30cb411fd708bae0b78eb877878cedc693430544944fb154f266092e419

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBS9w4Sx:+R0pI/IQlUoMPdmpSpE4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim host in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7b9830bc9a120d73664518011253240N.exe
    "C:\Users\Admin\AppData\Local\Temp\d7b9830bc9a120d73664518011253240N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\SysDrvUS\devbodsys.exe
      C:\SysDrvUS\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1472

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZJW\dobdevsys.exe
    Filesize
    37KB
    MD5
    2247b1232f84c0508b642310f68bfc49
    SHA1
    690b9b12ab2b93609b0d44bd92c024031ad741e5
    SHA256
    2623211d6ad350bc2b6f50a12916891ffc285559b1ae82443f069f375e0ad286
    SHA512
    dc873fd19b5a07c6d522b831d7b4ec23f0bad39fd6f96629cc804aae98a06da1c5fbdddd9a9af904bfc65bfab26df4a22a39a65e74986f2e598e7d72d2702659

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize
    206B
    MD5
    912a4a2d2cd287e023df7838961d92ce
    SHA1
    d4a9a485affa5260f05d0e72cd45ed55ce0fd98a
    SHA256
    d9071d7ca5e890a2103d87506df2a73d45c23fc78b1a81f0b772de156abe6ee1
    SHA512
    26aab1474c96ed638b3d1531d5791ac21d28e4ea711246bb67b8055fc61df69d48b02adaffaec0cb52974e1adad6f5e1c24a2b81048d193d2462ae0c1cffe067

  • \SysDrvUS\devbodsys.exe
    Filesize
    2.7MB
    MD5
    f025b659ca1849bc4ab6e8ea6e1b8aef
    SHA1
    107e5d0f5425eaa7fc296598ba95fe60edea5948
    SHA256
    29c95a6062990dd5dff619bb44d05980ac97e0c2a7d28c15545bd08916244f0c
    SHA512
    4b1dc4b8b9809348eeba253f493d6c95617d241e02a25fc2c179b1b643b5a115cf5e5e235206c85276c7574be6688e9fa9f1a962042276e995d874056400066f