Overview

overview

7

Static

static

3

07a835b218...0N.exe

windows7-x64

7

07a835b218...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    24/08/2024, 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07a835b21842641ed7e8c199366e21d0N.exe

  • Size

    404KB

  • MD5

    07a835b21842641ed7e8c199366e21d0

  • SHA1

    2545bcb62dd5b063f977eca4ba06975c653ff275

  • SHA256

    e9d73ade3420f2ab661aa06b16c607ef40257e4f7915476a5318f8b796aa33b6

  • SHA512

    b360d1a1cdcb937b03ecd8c28f63dea98cd16871f275d66944d6bfdc7ddbac83883adc882eb17ede4f6645e4601bb8abbe6e078467bdda3a305f4b20a758ad10

  • SSDEEP

    6144:4jlYKRF/LReWAsUy/eA8Ti3LY+FPKZawYGMa:4jauDReWZL8Sc+hKZawYGV

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07a835b21842641ed7e8c199366e21d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\07a835b21842641ed7e8c199366e21d0N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\ProgramData\lovhy.exe
      "C:\ProgramData\lovhy.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache .exe
    Filesize

    404KB

    MD5

    d64b83b9c805fcaa1868b16dede58b05

    SHA1

    95c86ea0c56176c04ffb0a77c049365b80988598

    SHA256

    d9f0b7a8ed59a53700434bd14ded7534f5fdb5e316ed35cec66c8d422017eb2b

    SHA512

    3a77d303173c2960b184bb511dea34b37ac10b05d8e59f3e7b4ca65f6f1001b0e3a02f6ea6cea3ceab0591072069c6ff85b6e2cf218056646d5a2588ac5b5603

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • C:\ProgramData\lovhy.exe
    Filesize

    267KB

    MD5

    6b93a0fc5cc29bda942746c8c96c2459

    SHA1

    44a300acdd5c89637509275c4fee11158c15f453

    SHA256

    55ca75e3c40d6fd6e7be383ee170b93f3b85efa320a8a1c381a631a65de85370

    SHA512

    3f452c0c60c8514133821b7dfedadfb01bc93dddd0ce4900e9a1310e62b5d8c6c36dc89891c25892c6b7b6ce65186318f41759bd9822a7716b03ecf7eebe47dd

    Download Submit

  • memory/1816-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1816-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1816-12-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2024-131-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download