Analysis

  • max time kernel
    119s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/08/2024, 06:19

General

  • Target
    1d3813e16021368450e16271ef383de0N.exe
  • Size
    2.7MB
  • MD5
    1d3813e16021368450e16271ef383de0
  • SHA1
    f762564ecb01a8b40293f8faedd885987eb4d267
  • SHA256
    3e72047d87d025478d2979392a0ecccf33e80ee000dcafd3ee28ca8c585674c9
  • SHA512
    cf79ec8673ddc08798b2eeb352962ca9818a7f5ef715d88529a031837e68634fa7bfc7c6dd84b94121f00a6e9ad3c7e938f63140b4dd0c973f4b04b7a63ebf9c
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBd9w4Sx:+R0pI/IQlUoMPdmpSp54

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d3813e16021368450e16271ef383de0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1d3813e16021368450e16271ef383de0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Intelproc7Y\devbodloc.exe
      C:\Intelproc7Y\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1724

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Intelproc7Y\devbodloc.exe
    Filesize
    2.7MB
    MD5
    23473b36276be7537767707669581559
    SHA1
    e8e0b9dd8073783137508e95f6ce7c98df18f000
    SHA256
    158f16e96d06892b0e55ba6d17371e2d9bc2ea1b614a2349048fafe6827007e1
    SHA512
    59edb832b751772df6e5a57529743640a84aeccabeb9650eb66b164c0f2f56d7166bd40abe64e99b6870af10057d90177e3c982d1b08973dd092ea41470ed617
  • C:\MintUN\optixsys.exe
    Filesize
    22KB
    MD5
    cc51b3b7d209610f7a21f92f3b22e1e3
    SHA1
    d340f9fa1dce87346279c88d1951a44ae8a2a3ce
    SHA256
    6ae2d32ade74ce7d12c65077d60081010e1011e8a3aff6f70b42144fbb283a2b
    SHA512
    ee53bfc3287b9521ed72436ef4f8f763ec3d288c178bdedb22629440b3472ab7431c47027b83dc1dadb9c434f80a356aab24a536824210f7f94672b2946cd921
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize
    207B
    MD5
    d41cb0423c1b049a4bdf949391c6ee88
    SHA1
    becc0327dfd4e23fddbb4544f34cba9a69aff6f1
    SHA256
    2ca5f167186d43c03500a58862bcb48e41f0050811ddd947da7d432c18b57129
    SHA512
    73b34430808e7335feb45c8c7a7e858f0467ffc1ad245b6326ffbe16d3eec820bab5ba635c4f47388ae4d13e55ac9b4f9724edf0f07c43d960a1e5b8bc415913