Analysis

  • max time kernel
    119s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-08-2024 17:42

General

  • Target

    3e09ff4aa8f26794de27c3e1a6fb39f0N.exe

  • Size

    2.7MB

  • MD5

    3e09ff4aa8f26794de27c3e1a6fb39f0

  • SHA1

    d643f711570e2771c700d22f06f7995e4f60dc49

  • SHA256

    30a532b7e6bc2a5c653736365dd8a168178d61d9cad5f5eb0ef1199ee1078ed2

  • SHA512

    0546b9e5685062c37d4345b6eadeb8e9ca62da85398a2b54dfb7f95fea9fc6adc19e5e173553dc5948a62698c874694c538b5ffa4e4a3242e44222eff9f3b1b4

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpr4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e09ff4aa8f26794de27c3e1a6fb39f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\3e09ff4aa8f26794de27c3e1a6fb39f0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\FilesZJ\xoptisys.exe
      C:\FilesZJ\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4532

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesZJ\xoptisys.exe

    Filesize

    2.7MB

    MD5

    cafe81a1a8a808ba6075e6ae11430556

    SHA1

    29bc979b289d230d117b45336629a2f2c3792aca

    SHA256

    6ba67f7589e22cc60a0d2cf45cc796985690a9dcc2b31dfd13330df8041d9458

    SHA512

    3ae6a9b53eb55aa9c7f3cf7bf39155c67eafc0ace1463f88d5bf74a80895dbb9746bb814b5884a6fa7e45aa7e6772f1c17637b476d379d7d9dd3fd508b6b6621

  • C:\GalaxEX\optidevloc.exe

    Filesize

    643KB

    MD5

    caad0d589418b5acbc06c16128f91def

    SHA1

    5397fc5a67743bcdd367bd3bc2114d619d59e9e8

    SHA256

    c99a7fe99547dd40140bea87dd2a8cb7947791c2ab442f66676d74d83dac5186

    SHA512

    72facac126d24d045557f1c5e3cd47c25dffdbee99af63e2b16294c08e79fb2c9476a7e04071878e5d7d5b9d772fe74917af66434e349bc524b0aa3e60274776

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    72f3ae65ec7b13c2ec9b966ec6228744

    SHA1

    fa308c06ea670252c7351605557c5807e203beab

    SHA256

    8031f008a2d2c3b637a803d032bcf4ba82c1301c634fc41621e8f2d7a952990e

    SHA512

    14b58978c5e459aacefb46f4cb269cbb0d980bb4a721ac05bb203e2995caaa46867e2a1e227644fee79a957db08b381a6e503daac21950a3035cd74527db28d2