Overview

overview

7

Static

static

3

c05abc07c8...45.exe

windows7-x64

7

c05abc07c8...45.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 02:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c05abc07c83e2bdbe725cd5b71b5805a1e086fd44a14409eaf6800119b8c3745.exe

  • Size

    4.1MB

  • MD5

    98caf36703d26d7f905fd26e1f00ab6e

  • SHA1

    fa95b63c32340b2f1e5bac252954ccd8b63cf81b

  • SHA256

    c05abc07c83e2bdbe725cd5b71b5805a1e086fd44a14409eaf6800119b8c3745

  • SHA512

    ecd9f6cae68095fd5c850e7d58e69e2d53791e691a2034d0998c261a655487f955abdcab868f40c9ef78834f8485aeeec1c9579794bc67c63590148a262aea69

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp84ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmr5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c05abc07c83e2bdbe725cd5b71b5805a1e086fd44a14409eaf6800119b8c3745.exe
    "C:\Users\Admin\AppData\Local\Temp\c05abc07c83e2bdbe725cd5b71b5805a1e086fd44a14409eaf6800119b8c3745.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\SysDrvEV\xdobloc.exe
      C:\SysDrvEV\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2552

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZRB\bodxsys.exe
    Filesize

    4.1MB

    MD5

    9ebfe2460b9c399b9ce54030c289693e

    SHA1

    b35bc60d315f78d6796c015aef7dd9e2b1d96274

    SHA256

    6b51065349ef852a149d6faef09335276705881946edb27b5ef9aadbddfd2a3e

    SHA512

    2459df96e133817fda8cb153ef2ab6950374f1cc1593b008d808608da4227a014e2a3b0ce5073900f3dd4e93e7a9f8a0a4e6c67fa448c73f30d55563153eb716

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    5560afa367f060041ef2b51c25ec517f

    SHA1

    c491a56cd1b6b75d0b5943af162ee915548e73e1

    SHA256

    3dea6843845b30fbb802d8606dfd035663e16e634365d62840656d9cb9bd7e7b

    SHA512

    3a343d564feb41e4aa85e66fd58b8d78348095b68178744fc8c6ec472527346afc966f5b9d866145ac2ab8f142c02c9f3c89c40c344c418a496a1aed146e8d96

    Download Submit
  • \SysDrvEV\xdobloc.exe
    Filesize

    4.1MB

    MD5

    656533dab93f33efab31add856278f9a

    SHA1

    f217d80d39d238352270c977f0abdad7e3e5f959

    SHA256

    189130d99a971e2d5a318246834c16f141ec4f3efd38a65786d9337626a7e9db

    SHA512

    8404f05859f2d2c925cd4d957c5f2549a3beefa53b8815027a764f0e868a918c7994982de99e66edf0e67bb10e54a43fd29e969855fe1a46e55d6e637afeda73

    Download Submit