Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/08/2024, 15:52

General

  • Target

    33ca13238619f87226fdd4befcc73c30N.exe

  • Size

    2.7MB

  • MD5

    33ca13238619f87226fdd4befcc73c30

  • SHA1

    8590703c0ca2e721fb99e1583daa4aa476e6d2da

  • SHA256

    1e22a72e6f5075aa2d476b4c368b699db6c44ff39f4fc17a14dd815c7e773597

  • SHA512

    863d2894729936f96d045e4dbfbf3cf9d13275786987f5dc6d0a14b5a711c0a64c6557dd1947cf6dcd69b0c97583e4c402d54f08540552dd65dd9491ac9eb8de

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBF9w4S+:+R0pI/IQlUoMPdmpSpx4X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33ca13238619f87226fdd4befcc73c30N.exe
    "C:\Users\Admin\AppData\Local\Temp\33ca13238619f87226fdd4befcc73c30N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Intelproc71\xbodsys.exe
      C:\Intelproc71\xbodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2700

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Galax6N\dobdevec.exe

    Filesize

    173KB

    MD5

    7672812692937c501180dc5b64ef4eb3

    SHA1

    cefaeb3ffa9a0c1f13b103973231c59eb2658659

    SHA256

    5a9a1282419997126d8bed14801f549d6921c0f2e50e0535f8c0cc74783df58d

    SHA512

    5d25e2927becf77b0c9fa05417c845117fc7b3966872f626568ba4a1073a48842f8d33434b0c3cb698759e399c39984b0e6cef4c2819ef37d94a39ecb32cbf39

  • C:\Galax6N\dobdevec.exe

    Filesize

    2.7MB

    MD5

    6385a3348fdfb80e5fe636114147bb9e

    SHA1

    168d4d634f05703e8b17b9a35b23d76b0e7a694c

    SHA256

    2ca8ae9278768b62df26664233101a43cecc0bd860fc854fa6a4f43a072fde28

    SHA512

    ee642ec14b6a016997777747fb15437bac5c82575f1b611e0d4d6790ffa687cfb96714642fee5e1266df5dd9895711d16c9b845ecd72e0b5247d9c9b8aa8d005

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    205B

    MD5

    0dd91e8da381c66d711a3bdc963e244c

    SHA1

    72a6ad116eeed02dc0cf6fd76c65a80b4bd719a8

    SHA256

    6ff3ba896f8daad000375c7c0111e4ffb338678ef700987eb071f1fce2626a22

    SHA512

    9f5567d652a7eb543c908bbdbdc328641ec8b568d2dd32f0198b0dcd82f77a54b7dd8291e182ca4f7a1b595d9b801b2bf8cbe440a7354d2117518a6aadb2ead0

  • \Intelproc71\xbodsys.exe

    Filesize

    2.7MB

    MD5

    5f4a8fad37e2d77059baee5c89fa8b82

    SHA1

    32cd7024296d4c9ec74421be484f18a6ada71308

    SHA256

    9e956cd532210ae7a61a7992725006eb6d76b1dea49f7c6dd738dbde14ef2306

    SHA512

    b854ed86b140a7c91927a3bb6a6d61fe97208be80c9b86e4f74d72755f7ee93540bf4fcc7354b6982b61399a3e5f2d9638bbb354ee1d1df05c9cc320d6697cf8