Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-08-2024 06:53

General

  • Target
    37abe3e7419258005219514c404a2b70N.exe
  • Size
    2.7MB
  • MD5
    37abe3e7419258005219514c404a2b70
  • SHA1
    677841e772a3b17b89e4ba539e48f7a54ff17771
  • SHA256
    b8d2d3ff455db439e87e0273cf74d2bd9a6ff59520acfbf16667d835b8674141
  • SHA512
    8c8a417fc1ab972db782105785f1423d00890169d15d2cbe059bc90d5c43c6d3f498d0b677f07593d434ff8fb1e572108e0e01fa1deba035afe4eeb033d9d442
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpn4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37abe3e7419258005219514c404a2b70N.exe
    "C:\Users\Admin\AppData\Local\Temp\37abe3e7419258005219514c404a2b70N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\UserDotSX\devoptisys.exe
      C:\UserDotSX\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2796

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 204B
    MD5: 6d5a6f382ff919a365d3f23ba4482083
    SHA1: dd92afe0a3d27d817c5938c801d3965de14a306a
    SHA256: 8da3b2d4973bc01ba2b4476021f49066eaac1717cf08b0df3465094ab950119b
    SHA512: 81f74284bd351a8ced563a8b8c3f84dc5745f7a041042591c4edab3815f5f5cfb2b3f10bf75432908464ef5d97343cea20d8193db5a115ff27d8898debc1cb01

  • C:\VidZ7\dobxloc.exe
    Filesize: 2.7MB
    MD5: c84b6a1d469e25a5445cf31550ae7ab3
    SHA1: 5806594447406799a6a438d2dfb3d8ddd79010f0
    SHA256: b7da5e5c9573db7211242cf6e084782a0aeb3d61307f34b19725022df07d5f38
    SHA512: d144f3d38a18b806d759083eaf66df1aeaa2e9a03c361b681863d91a6e807877a1d27ccf772ce6c7cdbf6c4077bfcef6139b2f867cbc16174b9325530c4b96f5

  • \UserDotSX\devoptisys.exe
    Filesize: 2.7MB
    MD5: 0cc0d164369884954265ece386f8eedb
    SHA1: 24b73e20f95d985b08e7a32753feeb2f40208903
    SHA256: 624dcdf5a9965139f712c554e9ffed39212491b0f096f08097a07e02492b280f
    SHA512: 1137f77cdc23691fd9a0259672cc9535efb16987162fe7ea9fa986c3b15639560c7bc0275f849cb781936ed31e7d41ecdbe671045d2a55a0215b9bcd06d36774