Overview

overview

7

Static

static

3

18bf01212b...0N.exe

windows7-x64

7

18bf01212b...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19-08-2024 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18bf01212bb81efd17086ec065989dc0N.exe

  • Size

    2.7MB

  • MD5

    18bf01212bb81efd17086ec065989dc0

  • SHA1

    aea81576499ea8e7cd4a5898122d9289130d0d92

  • SHA256

    aad290a235503e343dfe00984d07cc2f4065a5800274de755edeb8c18885cf7f

  • SHA512

    c2b59d24609e8aa3475fdccd8e90708adcf81c88f7fc08abc116d20d438c0cc58213a1df367d4721056481d2b81b81788e07877b9667e166b4693c2340cc5003

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBj9w4Sx:+R0pI/IQlUoMPdmpSpH4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18bf01212bb81efd17086ec065989dc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\18bf01212bb81efd17086ec065989dc0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1292
    • C:\SysDrvH6\xoptiec.exe
      C:\SysDrvH6\xoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZQ6\dobxloc.exe
    Filesize

    2.7MB

    MD5

    b8b01e7e01e766c413fad56b23235206

    SHA1

    7c5b2f90cbd32272b2c8f30e7a77d7ff8f9c2f56

    SHA256

    5958d23ce61fe71aea56d28740e738863d6398888b581d4a3efda33a03c9b886

    SHA512

    7dc57b6751f39bd783026e4c708bf06d0b3cd4bd252dd7c3f97839697601b32899452d05c7b356ce4f1b41a732e3718ea046083831493647528e26cea5df9eb7

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    201B

    MD5

    c6e1d903b51ea54f7cced5c788d187ec

    SHA1

    a2a9aca01fae1cbf3a0b9480f8e88a82dfa2bbd5

    SHA256

    a25e80bd57b8ff697b61a8adaf1cc41ff1b31aa34b556f65ac5aff3cb9d7f7e8

    SHA512

    7dae82ac81490276f92f79d20ae513c6eb7f0efd3169f23497dd97b61d97026cb3f827cb19c943136fb98c66f6db05bf34dbf3eaeb7065e9767fd97b867db2c1

    Download Submit

  • \SysDrvH6\xoptiec.exe
    Filesize

    2.7MB

    MD5

    9fa2ff0e666016df561dd91a564425a4

    SHA1

    14d10a09cd4afef8b03c891712ff2ad03156f3d4

    SHA256

    f14e49bb14b64efe90333ff61e2f8bac83a7b65109e0457e7014a0f3cd600c6a

    SHA512

    4e3e95a32ed48531c53f086954e84543fe1e0212819058999b823fbccd25753eab667047805d51ae591e895f3a38bf15876b95efc47bdadd6e345046c0339e2a

    Download Submit