Resubmissions (submission time, analysis ID, score)

  • 02-05-2023 01:01  230502-bc8rashc34  7/10
  • 02-05-2023 00:11  230502-ag1e2shb52  7/10
  • 01-05-2023 21:35  230501-1fjc9agg85  8/10
  • 01-05-2023 20:20  230501-y4lgeaad31  7/10

Analysis

  • max time kernel
    1811s
  • max time network
    1583s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-05-2023 01:01

General

  • Target

    DBS.exe

  • Size

    683KB

  • MD5

    7c12f6fec9bc7980dd057bff668edfee

  • SHA1

    09581aea5c7737e401181a4c1af42898cb5c363e

  • SHA256

    2219e96c7736e6edc02fe0ff151ee8e0116b8b0dbcf38d7ee91ab246b4fed0a0

  • SHA512

    906cd2e4515d224b223675c015e0afcde2d7c8bafa9b316a4f49710d9ebb9a67c26e316e02b34953d4e1507fcff72d4d52ef4e608368165debe72158512e43b2

  • SSDEEP

    12288:PZZ2iNvj2vIUMgaw+UzS/soUHBaqLcKc8V5:n1tjCTa8S/2HkqL5

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry (typically the GEOID stored under HKCU\Control Panel\International\Geo), likely a geofence: the sample can bail out or change behaviour depending on the victim's configured region, so a sandbox with a locale the author excludes may show less than it does on a real target.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

    Read together with the process tree below, the WriteProcessMemory and SetThreadContext hits are one technique, not four: the first DBS.exe spawns copies of itself, writes into them and resets a thread context, which is the pattern of process hollowing / RunPE-style injection. Only the last child (PID 3456) lives long enough to register behaviour of its own, including the location check. The report does not name a malware family and the Malware Config section is empty, so the payload would have to be identified from the memory dumps.

Processes

  • C:\Users\Admin\AppData\Local\Temp\DBS.exe
    "C:\Users\Admin\AppData\Local\Temp\DBS.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Users\Admin\AppData\Local\Temp\DBS.exe
      "C:\Users\Admin\AppData\Local\Temp\DBS.exe"
      2⤵
      PID:1504
    • C:\Users\Admin\AppData\Local\Temp\DBS.exe
      "C:\Users\Admin\AppData\Local\Temp\DBS.exe"
      2⤵
      PID:3480
    • C:\Users\Admin\AppData\Local\Temp\DBS.exe
      "C:\Users\Admin\AppData\Local\Temp\DBS.exe"
      2⤵
      • Checks computer location settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3456
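The process tree is the part of this report worth automating: the same self-spawn plus WriteProcessMemory/SetThreadContext combination turns up in many packed samples, and the tree text is regular enough to parse. The following is an added example, not code from the report or from the sandbox vendor. It parses a constructed copy of the Processes section above (the "N⤵" marker gives the depth; indentation is ignored), resolves parents from depth, and flags children spawned from the parent's own image path by a parent that carries both injection signatures. The signature names and the hollowing heuristic are this example's own assumptions about how to read a Triage-style tree.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed copy of the Processes section of the report above.
REPORT_PROCESSES = r"""
• C:\Users\Admin\AppData\Local\Temp\DBS.exe
  "C:\Users\Admin\AppData\Local\Temp\DBS.exe"
  1⤵
  • Suspicious use of SetThreadContext
  • Suspicious behavior: EnumeratesProcesses
  • Suspicious use of AdjustPrivilegeToken
  • Suspicious use of WriteProcessMemory
  PID:1668
  • C:\Users\Admin\AppData\Local\Temp\DBS.exe
    "C:\Users\Admin\AppData\Local\Temp\DBS.exe"
    2⤵
    PID:1504
  • C:\Users\Admin\AppData\Local\Temp\DBS.exe
    "C:\Users\Admin\AppData\Local\Temp\DBS.exe"
    2⤵
    PID:3480
  • C:\Users\Admin\AppData\Local\Temp\DBS.exe
    "C:\Users\Admin\AppData\Local\Temp\DBS.exe"
    2⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3456
"""

# Assumption: a parent showing both of these signatures and spawning its own
# image is treated as a hollowing (RunPE-style) candidate.
INJECTION_SIGS = {"Suspicious use of SetThreadContext",
                  "Suspicious use of WriteProcessMemory"}

PATH_BULLET = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")   # drive letter or UNC path
DEPTH_LINE = re.compile(r"^(\d+)⤵$")
PID_LINE = re.compile(r"^PID:(\d+)$")


@dataclass
class Proc:
    path: str
    cmdline: str = ""
    depth: int = 0
    pid: int = -1
    ppid: Optional[int] = None
    signatures: List[str] = field(default_factory=list)


def parse_process_tree(text: str) -> List[Proc]:
    """Parse Triage-style process-tree text into a flat list with parent links."""
    procs: List[Proc] = []
    cur: Optional[Proc] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            body = line[1:].strip()
            if PATH_BULLET.match(body):          # a path bullet opens a new process
                cur = Proc(path=body)
                procs.append(cur)
            elif cur is not None:                # any other bullet is a signature
                cur.signatures.append(body)
        elif cur is None:
            continue
        elif line.startswith('"'):
            cur.cmdline = line
        elif (m := DEPTH_LINE.match(line)):
            cur.depth = int(m.group(1))
        elif (m := PID_LINE.match(line)):
            cur.pid = int(m.group(1))
    # Parent of a depth-N entry is the most recent entry at depth N-1; the PID line
    # closes each block, so a parent's pid is known before its children are parsed.
    last_at_depth = {}
    for p in procs:
        parent = last_at_depth.get(p.depth - 1)
        p.ppid = parent.pid if parent else None
        last_at_depth[p.depth] = p
        for d in [d for d in last_at_depth if d > p.depth]:
            del last_at_depth[d]                 # discard stale deeper entries
    return procs


def find_self_injection(procs: List[Proc]) -> List[Tuple[int, int]]:
    """(parent_pid, child_pid) pairs where an injecting parent spawned its own image."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if parent and p.path.lower() == parent.path.lower() \
                and INJECTION_SIGS <= set(parent.signatures):
            hits.append((parent.pid, p.pid))
    return hits


def children_with_behaviour(procs: List[Proc]) -> List[int]:
    """Child PIDs that registered signatures of their own (the ones that ran the payload)."""
    return [p.pid for p in procs if p.ppid is not None and p.signatures]


if __name__ == "__main__":
    tree = parse_process_tree(REPORT_PROCESSES)
    print("injection candidates:", find_self_injection(tree))
    print("children with own behaviour:", children_with_behaviour(tree))
```

On this report the candidate list contains all three children, but only PID 3456 shows behaviour, which is the dump to look at first; the two earlier children are most plausibly failed or abandoned injection attempts, though the tree alone cannot say why.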

Network

MITRE ATT&CK Enterprise v6


Downloads (memory dumps, named memory/PID-index-start-end-memory.dmp)

  • memory/1668-133-0x0000000000750000-0x0000000000802000-memory.dmp (Filesize 712KB)
  • memory/1668-134-0x0000000005680000-0x0000000005C24000-memory.dmp (Filesize 5.6MB)
  • memory/1668-135-0x00000000050D0000-0x0000000005162000-memory.dmp (Filesize 584KB)
  • memory/1668-136-0x0000000005270000-0x000000000527A000-memory.dmp (Filesize 40KB)
  • memory/1668-137-0x00000000052F0000-0x0000000005300000-memory.dmp (Filesize 64KB)
  • memory/1668-138-0x00000000052F0000-0x0000000005300000-memory.dmp (Filesize 64KB)
  • memory/1668-139-0x0000000008280000-0x000000000831C000-memory.dmp (Filesize 624KB)
  • memory/3456-140-0x0000000000400000-0x000000000042F000-memory.dmp (Filesize 188KB)
  • memory/3456-142-0x0000000001990000-0x0000000001CDA000-memory.dmp (Filesize 3.3MB)
  • memory/3456-143-0x0000000000400000-0x000000000042F000-memory.dmp (Filesize 188KB)
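Which of these dumps to pull is decided by address, not by size. As an added example (not part of the report or of the sandbox's tooling), the script below parses the dump names listed above into PID, index and address range, checks that each reported size matches the range, lists regions that were dumped more than once in the same process, and picks out dumps that start at 0x400000. The 0x400000 choice is an assumption labelled in the code: it is the default ImageBase of a 32-bit PE, so a 188KB region there in the child, quite different from the parent's 712KB image at 0x750000, is where an injected payload would normally be written.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed from the Downloads list above: (dump name, size as the report shows it).
REPORT_DUMPS = [
    ("memory/1668-133-0x0000000000750000-0x0000000000802000-memory.dmp", "712KB"),
    ("memory/1668-134-0x0000000005680000-0x0000000005C24000-memory.dmp", "5.6MB"),
    ("memory/1668-135-0x00000000050D0000-0x0000000005162000-memory.dmp", "584KB"),
    ("memory/1668-136-0x0000000005270000-0x000000000527A000-memory.dmp", "40KB"),
    ("memory/1668-137-0x00000000052F0000-0x0000000005300000-memory.dmp", "64KB"),
    ("memory/1668-138-0x00000000052F0000-0x0000000005300000-memory.dmp", "64KB"),
    ("memory/1668-139-0x0000000008280000-0x000000000831C000-memory.dmp", "624KB"),
    ("memory/3456-140-0x0000000000400000-0x000000000042F000-memory.dmp", "188KB"),
    ("memory/3456-142-0x0000000001990000-0x0000000001CDA000-memory.dmp", "3.3MB"),
    ("memory/3456-143-0x0000000000400000-0x000000000042F000-memory.dmp", "188KB"),
]

DUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Assumption: default ImageBase of a 32-bit PE linked without /DYNAMICBASE.
DEFAULT_X86_IMAGE_BASE = 0x400000


def parse_dump_name(name: str) -> Dict[str, int]:
    """Split 'memory/PID-index-0xstart-0xend-memory.dmp' into its fields."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a Triage memory dump name: {name}")
    pid, idx, start, end = m.groups()
    return {"pid": int(pid), "index": int(idx),
            "start": int(start, 16), "end": int(end, 16)}


def human_size(n: int) -> str:
    """Same rounding the report uses: whole KB below 1 MiB, one decimal MB above."""
    return f"{n / 1048576:.1f}MB" if n >= 1048576 else f"{n // 1024}KB"


def size_mismatches(dumps: List[Tuple[str, str]]) -> List[str]:
    """Dump names whose reported size does not match end - start."""
    bad = []
    for name, reported in dumps:
        d = parse_dump_name(name)
        if human_size(d["end"] - d["start"]) != reported:
            bad.append(name)
    return bad


def repeated_regions(dumps: List[Tuple[str, str]]) -> Dict[Tuple[int, int, int], List[int]]:
    """(pid, start, end) -> dump indices, for regions dumped more than once in a process."""
    seen: Dict[Tuple[int, int, int], List[int]] = defaultdict(list)
    for name, _ in dumps:
        d = parse_dump_name(name)
        seen[(d["pid"], d["start"], d["end"])].append(d["index"])
    return {k: v for k, v in seen.items() if len(v) > 1}


def image_base_dumps(dumps: List[Tuple[str, str]],
                     base: int = DEFAULT_X86_IMAGE_BASE) -> List[str]:
    """Dump names starting at `base`, in dump order (the last one is the latest snapshot)."""
    hits = [(parse_dump_name(n)["index"], n) for n, _ in dumps
            if parse_dump_name(n)["start"] == base]
    return [n for _, n in sorted(hits)]


if __name__ == "__main__":
    print("size mismatches:", size_mismatches(REPORT_DUMPS))
    for (pid, start, end), idx in repeated_regions(REPORT_DUMPS).items():
        print(f"pid {pid}: {start:#x}-{end:#x} dumped {len(idx)} times, indices {idx}")
    print("dumps at default x86 image base:", image_base_dumps(REPORT_DUMPS))
```

Run against the list above, every reported size agrees with its address range, two regions were snapshotted twice (0x52F0000 in the parent, 0x400000 in PID 3456), and the two 0x400000 dumps are the only ones at a PE image base. The later of them (index 143) is the one to carve a PE from first; if its headers are intact it can be rebuilt directly, and its hashes should be compared against the original DBS.exe hashes in the General section to confirm it is a different binary and not a copy of the loader.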