Overview

overview

7

Static

static

3

90cfe576a1...0N.exe

windows7-x64

7

90cfe576a1...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2024, 12:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    90cfe576a1e390e56901209e126516b0N.exe

  • Size

    2.7MB

  • MD5

    90cfe576a1e390e56901209e126516b0

  • SHA1

    4f94e682de6307d1249399e3451b9c1d52f107cb

  • SHA256

    8379da5ccafcc1f0914d256dc118772c719b745c6189ac5005bfc37a7df1210b

  • SHA512

    50a5a2735c4a9fadb641ce1a46e94dd5acc877c44e6a2fde60222c0f8d3774245e6afc907b8d5eba7698b76545455abd640a4d38fb7700921b6aea3bf28b2b9d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB89w4S+:+R0pI/IQlUoMPdmpSpO4X

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90cfe576a1e390e56901209e126516b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\90cfe576a1e390e56901209e126516b0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5096
    • C:\UserDotQ3\devoptiloc.exe
      C:\UserDotQ3\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:852

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\KaVBQN\optidevloc.exe
          Filesize

          2.7MB

          MD5

          03d08639db8b3bf219e00cd39c77d882

          SHA1

          9e207e49f118ad5d5274b1c5aa8435017d1b8454

          SHA256

          f35b9d63166b4cc876f751fc3821192b33ee069410b8a822760ddee69e32b1fd

          SHA512

          d0741087c28af931e2a7d7c60b08486a29414f8f052b7c346ed1e25fa2b01ca72f9e441c1bb21631f963a3daa0babbfeea7f84f291f01a7c16e69300abd7471b

          Download Submit

        • C:\UserDotQ3\devoptiloc.exe
          Filesize

          2.7MB

          MD5

          843d4226fcbc9dabfded12ceb5f86dff

          SHA1

          8614ab688fca08bbfe8a6491990de76285530a88

          SHA256

          1dd374e15dd647408fef52db5ad6e7471d2d95763643b3d347fa40c497e04a16

          SHA512

          49c79887a89984ffd950e5a260bbd4d49031edc391d06fcb4c246f4891cbe70317ed6867ef337a4b2d10045e6b071f4e9749da3c0a9121c6e587d1cb97e6dc48

          Download Submit

        • C:\Users\Admin\253086396416_10.0_Admin.ini
          Filesize

          209B

          MD5

          b829788de16cc90728eac03c1965e2e9

          SHA1

          bb7c1c24eb48d50bbe54cbb81aea81dd0cc3d91d

          SHA256

          b3e570328e14a0676786c6e7f7cf8c15d8fea0445e5debf647ab0ea5742b5d18

          SHA512

          8bf7767c3f4723bfe1488f6c99b0a3e485329747f6dfc4c844004cc99b6dd1527fe7fbe90cdf08e35f4499e9678a9880eb471a1016e14235b66ee23e527d6de7

          Download Submit