Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-08-2024 05:19

General

  • Target

    303ff56449b11f635c04d89dff72e490N.exe

  • Size

    2.7MB

  • MD5

    303ff56449b11f635c04d89dff72e490

  • SHA1

    7dc7894c577fa0dc9f74fd84ab4f13e367cc7351

  • SHA256

    c82802a5f6f8abe5ae77d4361531e6577fb20e43c93cca810cd4001b7de2e480

  • SHA512

    c070b6cd3917c8f0957e722c356daf17cb24ea45f1f98a901192732c69a8fe690bd4e287f1cbda83a3e1fc841639fa7cd53788c60ecebb9da93c5c9a376c867d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBr9w4S+:+R0pI/IQlUoMPdmpSpH4X

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\303ff56449b11f635c04d89dff72e490N.exe
    "C:\Users\Admin\AppData\Local\Temp\303ff56449b11f635c04d89dff72e490N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\FilesG6\devdobloc.exe
      C:\FilesG6\devdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1980

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Galax2L\optiaec.exe

    Filesize

    1.5MB

    MD5

    933e36efe84d567640c103d6b61f8ea3

    SHA1

    3b412b89e237e118d8a4f45a0171f33cfd016e76

    SHA256

    cf56f6d7b50e3cb2c44df994f2054e4e6e784f5381085239fac37957ff135bab

    SHA512

    3043aa9313b413362fada58176b1c74bdec361bd7b471653c8ce92546c09adf67b4cda463eb08872a5ce07dc99cf8059508ee4c83d26acaec3b6a9d91005995b

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    204B

    MD5

    8a2cc69fa070a3040b3cd1a43f3575c9

    SHA1

    13c8bcc293d9caacda325a68e1648a723996f56b

    SHA256

    04b396cc9e8081ad691e01abc2f244f64ac80c2d8a34e0aeb5b45eee3403bb15

    SHA512

    2a600c174a2561e1f1afb9556168e3c3fa2da83fb814e28d3a9780a983edbe97643b5047f604be5ef58a79d07ec6320a5aed3054b2d8e942df9a0307a5e66968

  • \FilesG6\devdobloc.exe

    Filesize

    2.7MB

    MD5

    222383d895cbe1dbc57e60ff8ae186a1

    SHA1

    f70f938af5f588723e680dc87563ed31361257f2

    SHA256

    f192c7906916acfeffbc34196ec887bdd7af5de4c8bf54a8f2316b2869d0028a

    SHA512

    63f335c058e0a7e30920509d55cf254616f75408d821e1ee25905c8dd311c36f001f6415e4653cf3aeee4a1f186a78bb06d2a2cba1fc49e0bf21b1ffcbba55fe
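
Added example, not part of the sandbox report: a Python helper that turns the hashes listed above (the submitted sample plus the three dropped files) into a lookup index and checks a file or a directory tree against it. The digests are copied from this page; the sandbox paths are used only as labels, since the same binaries can land anywhere on a real host. The function names `digest_file`, `build_index`, `match_file` and `scan_tree` are chosen here and are not part of any tool the report uses.

```python
"""Match files on disk against the hashes published in this sandbox report.

Added example, not code from the report. REPORT_IOCS is transcribed from the
page; every other name in this file is an assumption made for the example.
"""
import hashlib
import os

# Digests copied from the report (General + Downloads sections).
REPORT_IOCS = {
    r"C:\Users\Admin\AppData\Local\Temp\303ff56449b11f635c04d89dff72e490N.exe": {
        "md5": "303ff56449b11f635c04d89dff72e490",
        "sha1": "7dc7894c577fa0dc9f74fd84ab4f13e367cc7351",
        "sha256": "c82802a5f6f8abe5ae77d4361531e6577fb20e43c93cca810cd4001b7de2e480",
        "sha512": "c070b6cd3917c8f0957e722c356daf17cb24ea45f1f98a901192732c69a8fe690bd4e287f1cbda83a3e1fc841639fa7cd53788c60ecebb9da93c5c9a376c867d",
    },
    r"C:\Galax2L\optiaec.exe": {
        "md5": "933e36efe84d567640c103d6b61f8ea3",
        "sha1": "3b412b89e237e118d8a4f45a0171f33cfd016e76",
        "sha256": "cf56f6d7b50e3cb2c44df994f2054e4e6e784f5381085239fac37957ff135bab",
        "sha512": "3043aa9313b413362fada58176b1c74bdec361bd7b471653c8ce92546c09adf67b4cda463eb08872a5ce07dc99cf8059508ee4c83d26acaec3b6a9d91005995b",
    },
    r"C:\Users\Admin\253086396416_6.1_Admin.ini": {
        "md5": "8a2cc69fa070a3040b3cd1a43f3575c9",
        "sha1": "13c8bcc293d9caacda325a68e1648a723996f56b",
        "sha256": "04b396cc9e8081ad691e01abc2f244f64ac80c2d8a34e0aeb5b45eee3403bb15",
        "sha512": "2a600c174a2561e1f1afb9556168e3c3fa2da83fb814e28d3a9780a983edbe97643b5047f604be5ef58a79d07ec6320a5aed3054b2d8e942df9a0307a5e66968",
    },
    r"C:\FilesG6\devdobloc.exe": {
        "md5": "222383d895cbe1dbc57e60ff8ae186a1",
        "sha1": "f70f938af5f588723e680dc87563ed31361257f2",
        "sha256": "f192c7906916acfeffbc34196ec887bdd7af5de4c8bf54a8f2316b2869d0028a",
        "sha512": "63f335c058e0a7e30920509d55cf254616f75408d821e1ee25905c8dd311c36f001f6415e4653cf3aeee4a1f186a78bb06d2a2cba1fc49e0bf21b1ffcbba55fe",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_file(path, chunk=1 << 20):
    """Compute all four digests in a single pass over the file."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def build_index(iocs):
    """Invert {label: {algo: hex}} into {(algo, hex): label} for O(1) lookups.

    Hex is lower-cased so a report pasted in upper case still matches."""
    index = {}
    for label, digests in iocs.items():
        for algo, hexval in digests.items():
            index[(algo, hexval.lower())] = label
    return index


def match_file(path, iocs=REPORT_IOCS):
    """Return the sorted list of IoC labels whose digests match this file.

    Any algorithm may hit, but only a SHA-256 (or SHA-512) hit should be
    treated as conclusive; MD5 and SHA-1 are kept because the report lists them."""
    index = build_index(iocs)
    observed = digest_file(path)
    return sorted({index[(a, h)] for a, h in observed.items() if (a, h) in index})


def scan_tree(root, iocs=REPORT_IOCS):
    """Walk a directory and return {path: [labels]} for every matching file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                labels = match_file(full, iocs)
            except OSError:
                continue  # unreadable file (locked, permission denied): skip, do not crash
            if labels:
                hits[full] = labels
    return hits


if __name__ == "__main__":
    import sys
    for path, labels in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{path}: matches {', '.join(labels)}")
```

Two caveats when using this against a live host. First, match on SHA-256; MD5 and SHA-1 are listed in the report and kept in the index for completeness, but neither is collision resistant. Second, the `253086396416_6.1_Admin.ini` entry is the least portable of the four: its name appears to embed the OS version (6.1 is Windows 7, the sandbox platform) and the sandbox user name (Admin), which suggests, though the report does not say so, that both the file name and its 204-byte content are generated per host, so a hash miss on it proves nothing.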