Analysis

  • max time kernel: 150s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 06/04/2024, 02:22

General

  • Target: bf76be768757231c993c56bb1f0f5b2f68843192231c1dcb408727fa83231c62.exe
  • Size: 3.6MB
  • MD5: 09f5d1f7c797beaaafc3e9bbfc61216e
  • SHA1: 75a006f4eb7c180c22c57ffffb4a723eb17148d1
  • SHA256: bf76be768757231c993c56bb1f0f5b2f68843192231c1dcb408727fa83231c62
  • SHA512: 8d297918b76ef1b76192d519d11e1fd45e62ae70f3c743eb179823030a425e5476d93e4aa583c3ef0f06f9689f8b97a44ffb179087a45d7ce137a7419351a97d
  • SSDEEP: 49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBbB/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUpIbVz8eLFcz

Malware Config

Signatures

  • Drops startup file (1 IoC)
  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)
    Infostealers often target stored browser data, which can include saved credentials etc.
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf76be768757231c993c56bb1f0f5b2f68843192231c1dcb408727fa83231c62.exe (PID 1252)
    Command line: "C:\Users\Admin\AppData\Local\Temp\bf76be768757231c993c56bb1f0f5b2f68843192231c1dcb408727fa83231c62.exe"
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecadob.exe (PID 1164, child of PID 1252)
      Command line: "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecadob.exe"
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
    • C:\UserDotM2\abodloc.exe (PID 1068, child of PID 1252)
      Command line: C:\UserDotM2\abodloc.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZ3H\dobxsys.exe
    Filesize: 3.6MB
    MD5: 38e425527892eaab742e0d141deb8e2d
    SHA1: 4c908f1ab9cf0eca6a844617fb644633d99559df
    SHA256: 3c4d880a3e2fdf32eb5b610eae5b52951f105c402966241fbddc7c79a7924739
    SHA512: ec57f090873afdae3277940874a6b2f639611041bf1f095bb6061cd8099c7cdddd43102f8c3369793bfc19a6d2bfd64babf479afcde3b0a9067ad58a08a8e128

  • C:\LabZ3H\dobxsys.exe
    Filesize: 3.6MB
    MD5: 5fe9f8d64eb182c3c244e7b4b6c7a757
    SHA1: a0dd3e349be98ab14d1a108519dc83eb243ed66f
    SHA256: e248150e26cf64b267812546ef7450fc2a577bfdf8cfab8e5552cab55aaa6549
    SHA512: 89044a0684f263ad64ec3fcbc96178ff0f7b042f217c20573757ecac62e840a3b8f3dd9b3187de25dc133873f84410d6924068783637020f85383330db85623d

  • C:\UserDotM2\abodloc.exe
    Filesize: 3.6MB
    MD5: 07aa85bf22a5e437b2002b6fcea63cd4
    SHA1: 42e134ae408c36c7ecf1f797f4c65a20c179a499
    SHA256: 2c659c613c66816c06831285fc977be0a2eb201fe234fc2a1414ff46cd8b7a6a
    SHA512: 0c3822c12d34f292db7bd653554634847e7c473af37a886159ce8c0893179475000500822d6661938f2e84151bd3dcf8f7eaa262f15dbcb4a2f0b51352d98269

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 169B
    MD5: 07e35d2751e173e2329d7a1319fcbed1
    SHA1: d82b344e85f5f4e7e2a68e678510d8c8376be55c
    SHA256: 8623ceb0efa5961a6431d220138047b53893d7b400d714bf1cecfe1bd2bee923
    SHA512: cb770bfc3e1e4d76c9fb3fc2e7db395a182d34b5e04c79f7cb6a95abf3c37562aef542e22671cebcceeabd9e06639fb8fb99d2eae6ed7535d2a11245a4fa1c43

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 201B
    MD5: 1ed70a200a6df3751cfa4c8330ed0fb6
    SHA1: 53660a53d17dca1afa71c39ea9e4801b80f561b4
    SHA256: 4cb3a5ccd6131a7be284164988d00e2c0bf9af29f2e92385e52f43499ae744ab
    SHA512: 992cdb3a30e68cf4b3f5df1e4229cebf8e4d53aa40444e0a760997dbbbc107d9c44fae18f6b12f7101457d49ff3c7d36fd68a530af5b9dbd0c3081057daf49f1

  • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecadob.exe
    Filesize: 3.6MB
    MD5: a00411361ad53b491b8492549a94e96b
    SHA1: d4003f5c0afcac6b4861cda384085437f8dc2e0b
    SHA256: f3269f99db67dd358f2e22ffc5c60a2878db7ec4b40e46f6a46114781c016729
    SHA512: 838f63b34a98e97e349b59a6af0c1c1c4d6ebd168ed94670745faf559853353fe5cf36159027b59e4b8f7f92499127e7ed7177f6c63fc3ba62b895e3d343e130