Overview

overview

7

Static

static

3

518e54f236...0N.exe

windows7-x64

7

518e54f236...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-08-2024 09:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    518e54f2369a4355c3abfbd26dd86f00N.exe

  • Size

    2.7MB

  • MD5

    518e54f2369a4355c3abfbd26dd86f00

  • SHA1

    737936e67b5c5b5154e83bd6126478931a40be4d

  • SHA256

    174e92ef5dae2751614bd63a55a89ee181e3eb2ecf932039b4a123db513cdc95

  • SHA512

    4adee3b2007a2d6a3c5eadb0c7d96bb31e1f2951f7152de222f0cdac7e0ab7859322bb7fc714129dcf431eb24a51f7992dd23db7f19d12d4ffec1fab13137fb0

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBU9w4Sx:+R0pI/IQlUoMPdmpSpK4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\518e54f2369a4355c3abfbd26dd86f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\518e54f2369a4355c3abfbd26dd86f00N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\FilesXM\aoptiloc.exe
      C:\FilesXM\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\FilesXM\aoptiloc.exe
    Filesize

    2.7MB

    MD5

    534d14e264417d12adcf181aeed508aa

    SHA1

    8bfb3e7437e77f078679d346797bdc8a519adbdf

    SHA256

    7077b617c3a971a5c1ea7a8c1a6b76ce3ab04a792c2335f759d67ca90d53b14c

    SHA512

    d54e9dff6509aa1dfb7fffa99a84ad6944458012deb210f3fc3289a4ffbb06ffe5d2f16a33a76abe42bfe9f83d337fd881991d68bdbeb050c9b37be0343546ba

    Download Submit

  • C:\GalaxT1\dobxloc.exe
    Filesize

    2.7MB

    MD5

    d65a569b4ad9e5be1d53c0b4fdf261ee

    SHA1

    5ff066ce33c47a55b61dcbb2418dc83594e12652

    SHA256

    d9c7b58c6e86da3a752d08000e39fd182983aa00609b924f0c18f6474dbdb4f6

    SHA512

    a757769bd6fad34ed8b33d29f1462984b519514a90ee70e2ee52a950990d8da8810d417908e97377c3c2b527502c9084c60e1bbdafc82fed167ecf08cd8955bc

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    203B

    MD5

    ad78114223949f2bf6ad8b4f19116c0c

    SHA1

    6d7456a79d6bceedafbbf4a452256503b8c6a9c3

    SHA256

    b19ee7b9687e40b4f3d34fe352f9fe1ff4af483c2706af591dda439465e54870

    SHA512

    0220cfeb264206c20be917e0523d9c8ba95b31bb09656e47dd1adfc04e52f8b4aa55610dda7c2d8e7f6232d246ea090b9eb5d69f9aa9b3c8cdf50e3680cade1c

    Download Submit