Overview

overview

10

Static

static

3

dc3f97d7fa...f7.exe

windows7-x64

10

dc3f97d7fa...f7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2024, 03:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dc3f97d7fa1854cc0901b375e1421b4069af175c98aa98beb02aa76fe10e30f7.exe

  • Size

    96KB

  • MD5

    25d8f5841b03b76e44d8bd61137d0d09

  • SHA1

    bca20870db65eb4af01ad018d98bb58e7116d662

  • SHA256

    dc3f97d7fa1854cc0901b375e1421b4069af175c98aa98beb02aa76fe10e30f7

  • SHA512

    8fb6072af27293f32e03f37069373dadc717c89f45f3f25e704fbcfed0163ad3cd5fd9efbb68040e3fa730b5841288eb13bfa6aee6c6f58fd62bf6f9a8ec7e04

  • SSDEEP

    1536:ax7A0KIqz0K8uZSXoHV/4fXQc2Lk1vPXuhiTMuZXGTIVefVDkryyAyqX:amF06gXQ/4fAVavPXuhuXGQmVDeCyqX

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 8 IoCs
    persistence
  • Executes dropped EXE 4 IoCs
  • Drops file in System32 directory 12 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 15 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc3f97d7fa1854cc0901b375e1421b4069af175c98aa98beb02aa76fe10e30f7.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3f97d7fa1854cc0901b375e1421b4069af175c98aa98beb02aa76fe10e30f7.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Windows\SysWOW64\Dogogcpo.exe
      C:\Windows\system32\Dogogcpo.exe
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1756
      • C:\Windows\SysWOW64\Deagdn32.exe
        C:\Windows\system32\Deagdn32.exe
        3⤵
        • Adds autorun key to be loaded by Explorer.exe on startup
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:3024
        • C:\Windows\SysWOW64\Dgbdlf32.exe
          C:\Windows\system32\Dgbdlf32.exe
          4⤵
          • Adds autorun key to be loaded by Explorer.exe on startup
          • Executes dropped EXE
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:3732
          • C:\Windows\SysWOW64\Dmllipeg.exe
            C:\Windows\system32\Dmllipeg.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:1900
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 396
              6⤵
              • Program crash
              PID:2156
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1900 -ip 1900
    1⤵
      PID:4828

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\Deagdn32.exe
      Filesize

      96KB

      MD5

      b2f209513287c8b73ed83fb6777ff44f

      SHA1

      2221e7f4a54ebba05d4b384bd73794af49ccfb9f

      SHA256

      08229bb1b8677148f9e57f6f73383663ba291782368026c887e553b976bdc00b

      SHA512

      6e5aed213cf5a66da0597115707d0b3235725b361ab139ac6f4beb4862cfe8dbc35f3fc3eaed2aadc8632eea8026e3e0690df6ad1d1db2bb071ef8e6fce4d079

      Download Submit

    • C:\Windows\SysWOW64\Dgbdlf32.exe
      Filesize

      96KB

      MD5

      0ceb53fe0adc4d9b3ca75fbb8a2253d9

      SHA1

      d1be0d93033b8f452502a347eea2048c56fe57af

      SHA256

      9737eb7d77740fe6c58841d8ed319427f73c6eaadebf7187c02d45cb4d5e1dcc

      SHA512

      5482975e66110781bd4543a238fe140311c6f4d558caeec8e6a201635eba4366750857b3a0794ddcc260569c84e29f6077dc9c97926208cf5ea393d446ad91fd

      Download Submit

    • C:\Windows\SysWOW64\Dmllipeg.exe
      Filesize

      96KB

      MD5

      910a504d614a3d2029e5ab3d0065d1be

      SHA1

      e6b02b4b595696107b6d06d5f35fa5e45816029a

      SHA256

      53e03e64c4556f224881bf0d17c76afbfdc12b7508cd60705eaf061885a3f943

      SHA512

      9a3b1578ed88629a96fdd234e806ad7cc67f51d8b20859a391e869381d6561cc5e5c4bb0c10712c9bfb724249f4db05027d3432a4d9ae5da87291f7501d40add

      Download Submit

    • C:\Windows\SysWOW64\Dogogcpo.exe
      Filesize

      96KB

      MD5

      45988c093e0ecd4b8b9a0b7d3be1f96e

      SHA1

      8eb757577625ccd4549d481b91f37176b2506de2

      SHA256

      618245dc58c87c434dab75f1c4f82c24e83dd0e3dfc58f87e02f2a7e17039069

      SHA512

      aac600ae63e8f24c057f251c4b67cee4931fd06b115b52b301b6c07d5e7425a737d70480c7618ccac6e51ae2a057815112c53f15b8c739d640260f6063fb7b8b

      Download Submit

    • memory/1756-8-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1756-37-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1900-32-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1900-34-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2532-0-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2532-1-0x0000000000431000-0x0000000000432000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2532-38-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

      Download

    • memory/3024-16-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

      Download

    • memory/3024-36-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

      Download

    • memory/3732-24-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

      Download

    • memory/3732-35-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

      Download