Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-08-2024 10:12

General

  • Target

    fb16466c829988c744d94f036bc5aa30N.exe

  • Size

    2.7MB

  • MD5

    fb16466c829988c744d94f036bc5aa30

  • SHA1

    2962adf6b5c5fb08918b542b2ec62ffc146f26a3

  • SHA256

    225a4d751d1e07faadb1d17e09d01f03c8c9c921efdd8c43ba653fffdf971830

  • SHA512

    5642413029d549dd7d188dea73fbc795820291a06e498cd4188f023229804e4588531f3f63120a4d172bac148f6f89cc6d1966fbe4a8d84293e1e0941a69ae0e

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBu9w4Sx:+R0pI/IQlUoMPdmpSpM4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb16466c829988c744d94f036bc5aa30N.exe
    "C:\Users\Admin\AppData\Local\Temp\fb16466c829988c744d94f036bc5aa30N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\SysDrv9G\adobloc.exe
      C:\SysDrv9G\adobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2016

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Mint7Q\optixec.exe

    Filesize

    2.7MB

    MD5

    de3207e57a45f4e4a332029dc1cb9e5b

    SHA1

    01a68895f8761f6bbd49da3e791bb3edf05e2def

    SHA256

    a5a4652106b4cf91cd0d57c7e6dec85078eb115b6405c046a8394b8c9cd60fd2

    SHA512

    2b0c6689fd2524799a2ef7a468fbaaa335c87fe594e1edde3bf6a032365fa376e59aa57d196941ec841d9882e992fc89d089dbf955d1d3b8b4cbf7573eeb8613

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    201B

    MD5

    81ce0d166e3b923f20adbedc1ea6e3c1

    SHA1

    777be049794de0dad8a1ba83838458a45a493fdd

    SHA256

    92fa424bc875f13f694fa68c8d974b0c5fd629965b875f9ead2539d2deae0936

    SHA512

    7ba8ae7f2fb5e30b2a7a61bf5f5f036d827dec5bdcbf5f9b3aacaa118c6f61d965932b97232bb27355e9e6263eb550c3ec13346a0ce5b008a3a59620f02fb532

  • \SysDrv9G\adobloc.exe

    Filesize

    2.7MB

    MD5

    9ee5409777c320cf3785c39f7a9537d0

    SHA1

    b68faab9d289da17e64946c76daeb495ce78d355

    SHA256

    6d5b427dee008ed84395b2d837ae988e3fa867ba6a0efee88b591df4edd9391c

    SHA512

    e6c65a30756135ed8dce905377c00d1c83d1d620ce6537eed5434fc0e2d0774a493a588e7dfb6b2d3abfdc8d5f96096d6bd01f103fb9053d604ab9ef5aaa5e27