Overview

overview

7

Static

static

3

0e4248bf83...0N.exe

windows7-x64

7

0e4248bf83...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 16:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0e4248bf837de2f8e8db2d2689139140N.exe

  • Size

    2.7MB

  • MD5

    0e4248bf837de2f8e8db2d2689139140

  • SHA1

    9ef56c69d6c0ac89b0dc08b9e1c491bc4761ff33

  • SHA256

    5aba89e863a6676d7d463b184ee8a77147f9cf1e7cd7e12176d12a509145e457

  • SHA512

    031d676d67556b511b48cb1cf792e2b2be2727188bc8ed930870411807d997e63713574a9cc2971c316db5a94c9345c37b6513530366fcf5a85172e135100a28

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBU9w4Sx:+R0pI/IQlUoMPdmpSpe4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e4248bf837de2f8e8db2d2689139140N.exe
    "C:\Users\Admin\AppData\Local\Temp\0e4248bf837de2f8e8db2d2689139140N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\FilesLW\aoptiloc.exe
      C:\FilesLW\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2728

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\GalaxIF\dobdevec.exe
          Filesize

          2.7MB

          MD5

          314d58da9fc999bcf3ce3b2cd58a42a3

          SHA1

          01ed39d5ec2f72254bd41788f2b7c60e4ee94fc7

          SHA256

          a0cfc648e74b391e0678854ae9a52edcf218653d3e925de650f7879ff0ac47de

          SHA512

          127ae396f13b98662731302021acfe8aedc5d69208d2d665e83d47d0b48fac1007fe044ad6709d9647479d255f673b04acb5d1529987c981ef88af71d8193a98

          Download Submit

        • C:\Users\Admin\253086396416_6.1_Admin.ini
          Filesize

          204B

          MD5

          99d91e66f685709276bfe7de850ba045

          SHA1

          eaa01e470fc66029aa378f876722dc739f2b9343

          SHA256

          c9e9eee5961aa990af5789ffedd36ee3772fec76d2ea67b95fdcd562973c8896

          SHA512

          a249985108d6c96c22195dfda93512b3b22f29b98f5c2e7c77d01b8cff1728df69e598e60287dbcc30e27b4f0c806b30efed8c4ad99483b38f29ee920a15c803

          Download Submit

        • \FilesLW\aoptiloc.exe
          Filesize

          2.7MB

          MD5

          60db787ed9aa888007698f50ab909f1f

          SHA1

          fa1d436d0f0b750c6a7d6a03cf26450b6222c357

          SHA256

          56a51d912b21c6286ac42de386781ad9a57f8ae411bce0a414858deb1482d82b

          SHA512

          a11b299e78261d3c48d0f6d2fc11ae20fdfd045118005d11e976e07656fa5dd58b223a113521270f806b154128fa2f23495f5dcb3e4467caffcc81bed4ebc259

          Download Submit