Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/04/2024, 23:14

General

  • Target
    7bac44ad28971f81d7e6ac53ce2ef4f987b9099f4d6c5db2811cd2b8449269a2.exe
  • Size
    2.7MB
  • MD5
    9f53088c6f9267219159053154dae9ea
  • SHA1
    7013b61682343854d4cfcb247889c9bbff75c5cd
  • SHA256
    7bac44ad28971f81d7e6ac53ce2ef4f987b9099f4d6c5db2811cd2b8449269a2
  • SHA512
    53eec167c886f1bae0bb6b8dcb6d7ef4fa46ba96769192d71c27b126bff2298a54e3d5ce5506c42522f51a8202d087994b0ce216546bc8463f0d05f1b5f2e537
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBf9w4Sx:+R0pI/IQlUoMPdmpSpD4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7bac44ad28971f81d7e6ac53ce2ef4f987b9099f4d6c5db2811cd2b8449269a2.exe
    "C:\Users\Admin\AppData\Local\Temp\7bac44ad28971f81d7e6ac53ce2ef4f987b9099f4d6c5db2811cd2b8449269a2.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID: 1132
    • C:\UserDotBI\abodec.exe (child of PID 1132)
      C:\UserDotBI\abodec.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID: 4860

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\KaVBHM\bodxec.exe
    Filesize
    1.5MB
    MD5
    f50eb1ebd4ee701879e8c03d064afd58
    SHA1
    eb1a7a67b8bd0977d53d594c2f9e43d31f5024cb
    SHA256
    b950c10082662b6a53bba8d6f2426a5786dc166c58941b989979d27d12ef6ce8
    SHA512
    13888808972f1e28088b943c0a3505e84874098b9565d4305bfaffa0c3b8666d03cb5088f451fcbfb031711222f7ae409eccb1c79d71bde45c5ad55d3a643945

  • C:\KaVBHM\bodxec.exe
    Filesize
    2.7MB
    MD5
    7d04f75fe05381da7f2cc279350928e9
    SHA1
    3b9230c8efbdb9b49151d35c7f0b4e9ab64ada77
    SHA256
    be08ba04444628053e16674daaa90c5400b1bcbf4fe2f78586a20ab929512a60
    SHA512
    a70700b19845947d6e1fb3978c0ecc67d0874bd865ebbd969b55c3be2a9ca20cbc1df8768e2c50fe83f4cb08b6f9eccb475db8f1e42857c80f6258a993963fbf

  • C:\UserDotBI\abodec.exe
    Filesize
    2.7MB
    MD5
    ca304aea38439fdafed05137a76afa13
    SHA1
    9b5cbfe7b1b852b1d5462e4e953a7bc856f802e8
    SHA256
    103ac0e7e8cd37e0e49cb860ee54418a07bf599757d9e04c0c71137c4f7078a7
    SHA512
    ec57e1db7aad197f1da0af2d85347ab42b45c40fd033d5454ba9a41b2613f86a20bea017256335d380adfc405a077d60f0ae4daabe861ce6e044c3941a2ec4af

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize
    202B
    MD5
    8a73e69819f70e3a1ad594fc8dceda03
    SHA1
    cc7cdbb795b334d78e9a3e53959c693960981b1c
    SHA256
    ae0778497f282c595bf6765db9aece411429b54c30aa71c9071a67e57be2c145
    SHA512
    57ca3f0e27bb9128e05128015a6553daf7226e7d759a751ce903fdfd3b614420091c0ff7736cb516e93d8df5fe7a48e37280b161e2ececa18b162d07738c42ad