Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-09-2024 02:59

General

  • Target

    c66dfcc18a9e9f2cec1e15cc94210aa69f62894d1db3b0315bd1648a819dfea2N.exe

  • Size

    2.7MB

  • MD5

    04160aa426263ea895a7008ecca806e0

  • SHA1

    063d465187ed434ca937259efe67a7b4061291c7

  • SHA256

    c66dfcc18a9e9f2cec1e15cc94210aa69f62894d1db3b0315bd1648a819dfea2

  • SHA512

    c2ff38c4079023457714886ac427710f96fc9481cffb7294f15f8b778233e6ca70d74486fa6eca93097fa7447ae33cf38811a7d7b0013e9f89a6b94c625a5be5

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBf9w4Sx:+R0pI/IQlUoMPdmpSpP4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c66dfcc18a9e9f2cec1e15cc94210aa69f62894d1db3b0315bd1648a819dfea2N.exe
    "C:\Users\Admin\AppData\Local\Temp\c66dfcc18a9e9f2cec1e15cc94210aa69f62894d1db3b0315bd1648a819dfea2N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1852
    • C:\Files8V\xbodsys.exe
      C:\Files8V\xbodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2840

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZ6B\optidevsys.exe

    Filesize

    2.7MB

    MD5

    a280ea8aabb7cd64f79b8178f2ae40f3

    SHA1

    e12942b2e2120a26317f4d2b4e6b9a02f34bb5e8

    SHA256

    79f509ad92a35167049d45944a0efcbb917172a40f1adc08107e7d57c7b96a9f

    SHA512

    4d06032d1880820522c2f99effedb01fd4e48454a8b952336027b26d600d066859ec899aac5bc358fea8d678a1cfe4c1eac652058137997a8683fe32a0fcb9f5

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    202B

    MD5

    3cb42a6114d79bacab241e120e3e8fa3

    SHA1

    6d711b8281139b364fbab3c9f55d89ebbc92f067

    SHA256

    94d0ff92c50522ca1804e588caf2682df8789c21cb67bf5fedafe34b3b22171f

    SHA512

    3a77f37be27bc460e0bc1d51a55da143c7894f33fe6fe0ef785906f7499ff385477e7293d768be754750033f8032d8366ae0cb039367be9150a28d41ea06cfd0

  • \Files8V\xbodsys.exe

    Filesize

    2.7MB

    MD5

    11594fff5a1357b33ad52bdf4ba19f50

    SHA1

    89a61b4ddc810b53e8fa6d97073bcafd15460964

    SHA256

    45f57e2580a129225fef50af38614239c065a2318e5346089c45ef3b886cdf11

    SHA512

    9dff3d1a5bb097fa17f55c7e0504daba9c5a32903285eabe80436fdcb675ae99bec39f1e5c6f5bd4aa458a5c53b53d61cc9d26dfe2cd5f08f9bc70b463d1961f