Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-08-2024 00:16

General

  • Target

    6ca6287e865ef445cfb93e7f2cdb2dbbd06909a5ad027884ef4540a9ab811efa.exe

  • Size

    2.7MB

  • MD5

    bb0f185838cb005467c702d14c9a7694

  • SHA1

    7a184a5899845aca5e387268d35eedafa752d5ef

  • SHA256

    6ca6287e865ef445cfb93e7f2cdb2dbbd06909a5ad027884ef4540a9ab811efa

  • SHA512

    33885f317b3593838650701a0ab702ac5c9426077d60482c3a21ef99437d93b32a3c905ab42e4a358e0b66e02ce5d4d9696bf1def4ba51cbec659bdc630b3125

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSp84

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ca6287e865ef445cfb93e7f2cdb2dbbd06909a5ad027884ef4540a9ab811efa.exe
    "C:\Users\Admin\AppData\Local\Temp\6ca6287e865ef445cfb93e7f2cdb2dbbd06909a5ad027884ef4540a9ab811efa.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:772
    • C:\UserDotX0\devbodsys.exe
      C:\UserDotX0\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1116

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Mint1C\optidevloc.exe

    Filesize

    20KB

    MD5

    7bdca6cf2d00ab8b26d8585b0da0c634

    SHA1

    c50ea7df9295ae9d1740613b1e76a0bf51f338b4

    SHA256

    29b763903a0d649bb5942c5703d71b907b3e6e6c4c6220a100fff6427318b831

    SHA512

    9670f9cd0a8d1ce4f61ca62fc0d126b204f631daf37364025cbdd8dd78e8d8b102c96e3dc6262965adfb921ab76015ec3114d80c8a233ba3427074ef2353cf6f

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    207B

    MD5

    dfdbfa38c9ae8539e420664cc3451321

    SHA1

    6eff70771bed19a672b37f0469ca54f287a0f391

    SHA256

    c01423b624e45563efd5803700ab5310ac2412960189c5f13c2940674f3aeefc

    SHA512

    c740238bd77799b724b54d3221b1139f127effc27fe28c38e85f399b53d0415c198bda0e922dff8d9f85540e95f538b33455f18543af1caaa22731df62864948

  • C:\Users\Admin��

    Filesize

    2.7MB

    MD5

    89353cd18e33a55ea134a190cd271520

    SHA1

    3dcd053fedb513babbe234f3bdd3a8e13710fd12

    SHA256

    c483c283b6e175e62c55575ce95196cb29b0a99399b072ef8fb9924a87e01dfa

    SHA512

    0be18c4aa96ea8d44255600c972044b59509c4edb83fc8d0d60cd69c77de939fc3fe4ef77470724e1bb642f66e4ee42f3e215362c779650cf16359c6dc0bfa39

  • \UserDotX0\devbodsys.exe

    Filesize

    2.7MB

    MD5

    3dfd7aa10432f74f0fd6002f55ce8939

    SHA1

    4418561de83b90d439635d2efa210861ea0fe8e6

    SHA256

    2add3be566015532f8aa66a0e4c1ecc05890a958a45722dcf6e02dbfc22488c1

    SHA512

    8174de30ff020a15d9cbe50f532c94984f0fe5f66fe66a76c43262b1346b1301d58a675fa67ffe2a8400a3cac1cd80a7d32dd02ac4562005cae47369853ff5e0