Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-09-2024 10:54

General

  • Target
    7dcfdf2a3f5c279d8b7a481e0b565e80N.exe
  • Size
    2.7MB
  • MD5
    7dcfdf2a3f5c279d8b7a481e0b565e80
  • SHA1
    057017f108dd148b4043ce6411358a302e5c766c
  • SHA256
    752a4dccee7a0d49ca10b04ba344ef5790cf37bddbcc8a92e11f663fd3581b75
  • SHA512
    36e0966dda82fbbbe43b27e95eb305e4ce7e8a13d10d893dc7ed3c4d5339c911ed67ea88dc8130e22efcd42f548706fd726a79e8b65370d1e5f374a9108e9b92
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBS9w4S+:+R0pI/IQlUoMPdmpSpg4X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7dcfdf2a3f5c279d8b7a481e0b565e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\7dcfdf2a3f5c279d8b7a481e0b565e80N.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:584
    • C:\FilesH7\devbodec.exe (child of PID 584)
      C:\FilesH7\devbodec.exe
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2488

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Mint2L\optiaec.exe
    Filesize: 2.7MB
    MD5: 09d617459a69a0b172283c926692847d
    SHA1: 540104528b2dd2f4c8a52e71743a4b7fb8884b49
    SHA256: 6caad3e247518b78f9963ca2a4334bef52ce79ab4f64a047a7387d8654adcf2a
    SHA512: 2344f87fd6d8d3eebee8a57d0454689b030359c9330aa8b63e7be8e94cc06c998bb7359d21cc0cb854b099be970c4d1d595e655b51ea6c09dfc294a1d42c4e6d

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 200B
    MD5: 9bef596b80d76c8202046afd2f6a82ff
    SHA1: b7f087b493b953f3cfe04b4b54d949d39fe6cbca
    SHA256: 01d855acf540c6491191390241e8e9ea3e07f5cf77425ef3151d059eb15a4830
    SHA512: 3e894b626f79b4dad5e4c0ff82c7749af8e646fdc38ae4a0f9286d4e0ed6e8d3a814a471e46f20583714bd3656a9e5d4dc456f5019360df925c0f4e4eae5bdab

  • \FilesH7\devbodec.exe
    Filesize: 2.7MB
    MD5: 4e5c491bc64b4507d8c040b7c664a83e
    SHA1: 6154229003fc25c2b955f927636de3bea12f4ec4
    SHA256: 900696f23cf2de8cc2e3924c81cb0375d473cc054b7acf14ca07f104fe969947
    SHA512: 116ff783597d82c58055f271db0aaf767fab72d2ecdfc67ebf6ee89897de908d25bf4f72d6b4eb0d7e516bad3eb8486919feeba1f0e08209017311df363f7d85