Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/08/2024, 07:34

General

  • Target

    e50ddc0ac0961f65272fc4370a017d50N.exe

  • Size

    2.7MB

  • MD5

    e50ddc0ac0961f65272fc4370a017d50

  • SHA1

    d2ebda900629e7cdec4e3d4b57b98b89d7b575c6

  • SHA256

    a5e411e3724df697d4585b97aa637301029b17510e3a0b48ffd63cbe10ba8f58

  • SHA512

    32c3fb9b861f0a5fc8dbf528145cf19cb39f74e237341880dc6f080f6c5c7f5f226853fcfc53467828205052d370337b940c769fdcdef9cab295a57f703c7cab

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB59w4Sx:+R0pI/IQlUoMPdmpSpp4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e50ddc0ac0961f65272fc4370a017d50N.exe
    "C:\Users\Admin\AppData\Local\Temp\e50ddc0ac0961f65272fc4370a017d50N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\UserDotZ4\aoptisys.exe
      C:\UserDotZ4\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2236
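
The tree above is the pattern worth detecting: an executable in the user's Temp folder drops a same-size EXE into a freshly created root-level directory (C:\UserDotZ4\), registers a Run key, and launches the copy. The following is an added example, not part of the sandbox report, of triage logic that flags that chain in Sysmon-style process-creation and registry-set events. The event field names, the allowlist of stock root-level directories and the data of the Run value are assumptions; the sample events are constructed to mirror the tree, not taken from the run.

```python
"""Added example (not part of the sandbox report): triage logic for the
execution pattern in the process tree above, run over constructed
Sysmon-style events.  Field names, the Run value contents and the
allowlist of root-level directories are assumptions."""

from dataclasses import dataclass
from pathlib import PureWindowsPath

# Directories a stock Windows install places directly under the drive root.
# Anything else at that level (C:\UserDotZ4\, C:\GalaxMR\) is worth a look.
KNOWN_ROOT_DIRS = {
    "windows", "program files", "program files (x86)", "programdata",
    "users", "perflogs", "recovery", "$recycle.bin",
}
RUN_KEY_MARKER = "\\software\\microsoft\\windows\\currentversion\\run\\"


@dataclass(frozen=True)
class ProcessCreate:          # Sysmon Event ID 1 subset (assumed field names)
    pid: int
    image: str
    parent_image: str


@dataclass(frozen=True)
class RegistrySet:            # Sysmon Event ID 13 subset (assumed field names)
    pid: int
    target: str               # key\value path written
    details: str              # data written


def in_unknown_root_dir(image: str) -> bool:
    r"""True for <drive>:\<dir>\<file> where <dir> is not a stock directory."""
    parts = PureWindowsPath(image).parts   # ('C:\\', 'UserDotZ4', 'aoptisys.exe')
    return (len(parts) == 3
            and parts[0].endswith("\\")
            and parts[1].lower() not in KNOWN_ROOT_DIRS)


def in_temp_dir(image: str) -> bool:
    """True if the path runs through a per-user AppData ...\\Temp folder."""
    parts = [p.lower() for p in PureWindowsPath(image).parts]
    return "appdata" in parts and "temp" in parts


def triage(procs, regs):
    """Return {pid: [reasons]} for process-creation events that look like
    a Temp-folder dropper launching a payload it persisted via a Run key."""
    run_targets = {
        r.details.strip('"').lower()
        for r in regs if RUN_KEY_MARKER in r.target.lower()
    }
    findings = {}
    for ev in procs:
        reasons = []
        if in_temp_dir(ev.image):
            reasons.append("image executes from a Temp folder")
        if in_unknown_root_dir(ev.image):
            reasons.append(f"image in non-standard root-level dir: {ev.image}")
        if in_temp_dir(ev.parent_image):
            reasons.append(f"parent runs from Temp: {ev.parent_image}")
        if ev.image.lower() in run_targets:
            reasons.append("image is the data of a CurrentVersion\\Run value")
        if reasons:
            findings[ev.pid] = reasons
    return findings


# Constructed sample events mirroring the tree above (not the real telemetry).
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\e50ddc0ac0961f65272fc4370a017d50N.exe"
PAYLOAD = r"C:\UserDotZ4\aoptisys.exe"
SAMPLE_PROCS = [
    ProcessCreate(2292, DROPPER, r"C:\Windows\explorer.exe"),
    ProcessCreate(2236, PAYLOAD, DROPPER),
    ProcessCreate(1480, r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe"),
]
SAMPLE_REGS = [
    # Assumed Run value: the report says a Run key was added but not its data.
    RegistrySet(2292,
                r"HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run\aoptisys",
                f'"{PAYLOAD}"'),
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_PROCS, SAMPLE_REGS).items():
        print(pid)
        for r in reasons:
            print("  -", r)
```

Run stand-alone it reports PID 2292 (executes from Temp) and PID 2236 (non-standard root directory, Temp-folder parent, Run-key target) and stays silent on notepad.exe. The root-directory check is deliberately narrow (exactly drive, one directory, one file) so that legitimate software under Program Files or Users never trips it; the Run-key match compares the value data to the child image, which is what ties the persistence entry to the executed payload.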

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxMR\dobasys.exe

    Filesize

    2.7MB

    MD5

    21384485573e10a82f7a8011c13013a1

    SHA1

    8b63242f0e4aa6990516fc0c4dcf984a3317fc44

    SHA256

    83220dd69f7ff03a8094cb5577a607527b9dca7622b65acd16c82534b41ab397

    SHA512

    d4ab6de972750a205c018d6b888da2aaffe3985bc97b64ad7e1194ac6ea9bc85953ccdba34da929f9b5c4b56c5dce45621ee365537a2e454d1b942e31cb9b6ea

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    206B

    MD5

    4a3026bd7635ca8c61872ddf58ebf8d5

    SHA1

    e3fd7ad9aac012dbab778f0b396687f385ccdb89

    SHA256

    bdc3ecb7d866d7796ab7bb28f4ca95a9c19120cdee0ecfffb76fc115dd93d6a2

    SHA512

    255810a9a3b2522451d8d054561191a30d508ca78b98f4111c5b017a0665ec53db00eec9e695832d0d273b5f038cacacd4488dbf62e7ca1870db1c536a05eafd

  • \UserDotZ4\aoptisys.exe

    Filesize

    2.7MB

    MD5

    1dc32cc98cdd4e2371e0c0d94d33a3a4

    SHA1

    1b65db3dede23da1a1cc319feec7b4fd477e3e72

    SHA256

    8c51fee74408a860f8471da5db1f9514d21b3bcdca435fd9b155bf46476ef34b

    SHA512

    936716fa05bc7f720236622f94ab8abad8bb0947703dd81cc6b39fd30c3a80d15b7e397b148f5848fc1dfb7ca99ddc3188c16890e3c7a3d4ca142b6da9052ad8