Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/09/2024, 01:10 UTC

General

  • Target

    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe

  • Size

    164KB

  • MD5

    6a3c0e8a8696265e01a1fc641568eff0

  • SHA1

    a1e7898b97765d7c263055402861f4f808870b69

  • SHA256

    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93

  • SHA512

    31215527b52d6df7ab3ba35104a310ff2c32386ae608b9f715b973e616de1e48553909f2106a3698094394bdd48094c97dccb8e536b6a87fa1afc211294b9bcf

  • SSDEEP

    3072:hsWcISl26veiCi36JRbs4jwKWuRr6TQY3RBTzFJ0T727a:hsWcIM26mJDjwZuesY3fTzFJ0T722

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    "C:\Users\Admin\AppData\Local\Temp\03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe"
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Users\Admin\tiedoy.exe
      "C:\Users\Admin\tiedoy.exe"
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2640

Network

  • DNS
    ns1.chopzones.com
    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    Remote address: 8.8.8.8:53
    Request: ns1.chopzones.com IN A
    Response:
  • DNS
    ns1.chopzones.net
    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    Remote address: 8.8.8.8:53
    Request: ns1.chopzones.net IN A
    Response:
  • DNS
    ns1.chopzones.org
    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    Remote address: 8.8.8.8:53
    Request: ns1.chopzones.org IN A
    Response:
  • DNS
    ns1.chopzones.biz
    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    Remote address: 8.8.8.8:53
    Request: ns1.chopzones.biz IN A
    Response:
  • DNS
    ns1.chopzones.info
    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    Remote address: 8.8.8.8:53
    Request: ns1.chopzones.info IN A
    Response:
  • DNS
    ns1.chopzones.info
    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    Remote address: 8.8.8.8:53
    Request: ns1.chopzones.info IN A
    Response: ns1.chopzones.info IN A 121.40.199.127
  • 8.8.8.8:53
    ns1.chopzones.com
    dns
    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    63 B
    136 B
    1
    1

    DNS Request

    ns1.chopzones.com

  • 8.8.8.8:53
    ns1.chopzones.net
    dns
    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    63 B
    136 B
    1
    1

    DNS Request

    ns1.chopzones.net

  • 8.8.8.8:53
    ns1.chopzones.org
    dns
    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    63 B
    145 B
    1
    1

    DNS Request

    ns1.chopzones.org

  • 8.8.8.8:53
    ns1.chopzones.biz
    dns
    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    63 B
    125 B
    1
    1

    DNS Request

    ns1.chopzones.biz

  • 8.8.8.8:53
    ns1.chopzones.info
    dns
    03907110e6fedb43d09de8ccbe4075192767556959db4969c7640eb152aefb93N.exe
    128 B
    144 B
    2
    2

    DNS Request

    ns1.chopzones.info

    DNS Request

    ns1.chopzones.info

    DNS Response

    121.40.199.127

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\tiedoy.exe

    Filesize

    164KB

    MD5

    537388e0b37096286f761b99f6594081

    SHA1

    8aaca2ef60988673a9c7648be1869ac93a06fa51

    SHA256

    7e7865565d0b6f03f2aec844312a75e100e55e8e4da89004d3e95bcc8190aa7f

    SHA512

    7a1b5dac4bd42f6f1154e2d28c6983c24e0c373047cd1634e0780261334680aa3d9ca3b2080e03a74d85308853062bb7ff8d09bd1b210450c5a3a9b5718d6176
