Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/05/2024, 05:05

General

  • Target

    e7952a0d4e335b64fa83f257852fd473fb3fdcaa34b816b9d87531751a3c9055.exe

  • Size

    2.7MB

  • MD5

    57fda70bbac141bc01f841e31887336d

  • SHA1

    a21f616d4e99f67397d1e265e511f28fe0a12d27

  • SHA256

    e7952a0d4e335b64fa83f257852fd473fb3fdcaa34b816b9d87531751a3c9055

  • SHA512

    ab289b6216b499e4329cfd28c54d19bd71fc7cbf75fb38c2c0f0fe3f572540205e607379e4b7a20725ce0af85e10aea4521d677b21d9ef75b8325134a15ff92d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBq9w4Sx:+R0pI/IQlUoMPdmpSpc4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e7952a0d4e335b64fa83f257852fd473fb3fdcaa34b816b9d87531751a3c9055.exe (PID 3904, submitted sample)
    Command line: "C:\Users\Admin\AppData\Local\Temp\e7952a0d4e335b64fa83f257852fd473fb3fdcaa34b816b9d87531751a3c9055.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\UserDotJE\xbodloc.exe (PID 3796, child of PID 3904)
      Command line: C:\UserDotJE\xbodloc.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads (files written during analysis)

        • C:\Mint5B\optixec.exe

          Filesize

          2.7MB

          MD5

          d5a4a84d63f8e1f89e126f7e0491d867

          SHA1

          2d52877f7947163aa24ae3d4d8176a64ed6a9cf1

          SHA256

          ff5307f69a0f7e55ba5e79e0085b48f7d01c60e679ad7c0342bffe84ecf30eda

          SHA512

          25beed9036198999c486223280c8396688a91f994f567bee5084b798e1effde14535d2e64d551a12d9b96f5237a2437654402816f5aed206f58ab34e61437e65

        • C:\UserDotJE\xbodloc.exe

          Filesize

          2.7MB

          MD5

          086e471652ef76c308acbe86ea7a9db9

          SHA1

          ce4779324c2ea024348bad686728021b4cd204fd

          SHA256

          a01545e9bd6aca0563d6437d294a97b960f5d27788385c112f61f53626244699

          SHA512

          874cf3d912770de4c69ed5147641d6f59c340970c9bf1bd5ceb3406a14e9806835aa968d21f1195d790b71407ce2e965687262cfba55da6cf5496dda57e8de11

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          202B

          MD5

          dc20a86fc5b0ab9bb22088d85604c208

          SHA1

          ba506cc5cc1f256f68a62a901443e2006b3985cf

          SHA256

          c60d28ffb229e829b59321d851abdc3506effa6a919ae08aac91dd20b36258f0

          SHA512

          a4d4790eebb87250aeae947875234debf27c350549f1de45340076218b687dd655f292c692a8ebfc4bc5a5e52e0a5b2d2d4920036993d4fb0116ec917ddb3f03
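The Signatures, Processes and Downloads sections together describe one chain: the submitted sample writes two executables into non-standard top-level directories (C:\Mint5B and C:\UserDotJE) plus an INI under the user profile, sets Run keys, and launches C:\UserDotJE\xbodloc.exe as a child (PID 3796 under PID 3904); C:\Mint5B\optixec.exe is listed as dropped but never appears in the process tree. The following Python is an added example, not part of the sandbox report or its tooling: it takes the indicators that are on this page (paths, SHA256 hashes, PIDs) and correlates constructed Sysmon-style events (EventID 1 process create, 11 file create, 13 registry value set) into findings that mirror those signatures. The log lines are constructed for the example; the SID, the Run value name "placeholder" and the notepad.exe hash are made up, since the report counts 2 Run-key IoCs without showing their values. The "executable written directly under a root-level directory" rule is a heuristic added here, not a signature from the report.

```python
import re

# Indicators copied from the report above: the submitted sample's SHA256 and
# the two dropped executables with their SHA256 hashes.
SAMPLE_SHA256 = "e7952a0d4e335b64fa83f257852fd473fb3fdcaa34b816b9d87531751a3c9055"
DROPPED_SHA256 = {
    r"C:\Mint5B\optixec.exe": "ff5307f69a0f7e55ba5e79e0085b48f7d01c60e679ad7c0342bffe84ecf30eda",
    r"C:\UserDotJE\xbodloc.exe": "a01545e9bd6aca0563d6437d294a97b960f5d27788385c112f61f53626244699",
}
KNOWN_SHA256 = {SAMPLE_SHA256, *DROPPED_SHA256.values()}

# Run / RunOnce keys under any hive (HKU\<SID>\... or HKLM\...).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Executable written directly under a non-standard top-level directory,
# e.g. C:\Mint5B\optixec.exe. Heuristic added for this example, not a report signature.
ROOT_DROP_RE = re.compile(
    r"^[A-Z]:\\(?!Windows\\|Program Files|ProgramData\\|Users\\)[^\\]+\\[^\\]+\.exe$", re.I)

# Constructed Sysmon-style events replaying the report's process tree and drops.
# The SID, the Run value name "placeholder" and the notepad.exe hash are made up;
# the report counts 2 Run-key IoCs but does not show their values.
SAMPLE_EVENTS = [
    r"EventID=1 ProcessId=3904 ParentProcessId=812 Image=C:\Users\Admin\AppData\Local\Temp\e7952a0d4e335b64fa83f257852fd473fb3fdcaa34b816b9d87531751a3c9055.exe Hashes=SHA256=e7952a0d4e335b64fa83f257852fd473fb3fdcaa34b816b9d87531751a3c9055",
    r"EventID=11 ProcessId=3904 TargetFilename=C:\UserDotJE\xbodloc.exe",
    r"EventID=11 ProcessId=3904 TargetFilename=C:\Mint5B\optixec.exe",
    r"EventID=11 ProcessId=3904 TargetFilename=C:\Users\Admin\253086396416_10.0_Admin.ini",
    r"EventID=13 ProcessId=3904 TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\placeholder Details=C:\UserDotJE\xbodloc.exe",
    r"EventID=1 ProcessId=3796 ParentProcessId=3904 Image=C:\UserDotJE\xbodloc.exe Hashes=SHA256=a01545e9bd6aca0563d6437d294a97b960f5d27788385c112f61f53626244699",
    r"EventID=1 ProcessId=4100 ParentProcessId=812 Image=C:\Windows\System32\notepad.exe Hashes=SHA256=" + "0" * 64,
]


def parse_event(line):
    """Split a 'Key=Value Key=Value' line into a dict; the first '=' separates key and value."""
    ev = {}
    for token in line.split():
        key, _, value = token.partition("=")
        ev[key] = value
    return ev


def sha256_of(ev):
    """Pull the hex digest out of a Sysmon 'Hashes=SHA256=<hex>' field, lower-cased."""
    return ev.get("Hashes", "").partition("=")[2].lower()


def hunt(lines):
    """Walk events in order and emit findings for the chain in the report: an executable
    dropped into a root-level directory, a Run key pointing at a dropped file, and a
    parent launching a file it wrote itself (plus plain hash matches against the IoCs)."""
    dropped_by_pid = {}   # writer PID -> set of lower-cased paths it created
    dropped_all = set()
    findings = []
    for ev in map(parse_event, lines):
        eid, pid = ev.get("EventID"), ev.get("ProcessId")
        if eid == "11":
            path = ev["TargetFilename"]
            dropped_by_pid.setdefault(pid, set()).add(path.lower())
            dropped_all.add(path.lower())
            if ROOT_DROP_RE.match(path):
                findings.append({"rule": "exe_dropped_in_root_dir", "pid": pid, "path": path})
        elif eid == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            target = ev.get("Details", "").strip('"').lower()
            rule = "run_key_to_dropped_file" if target in dropped_all else "run_key_set"
            findings.append({"rule": rule, "pid": pid, "key": ev["TargetObject"], "target": target})
        elif eid == "1":
            image = ev["Image"]
            if sha256_of(ev) in KNOWN_SHA256:
                findings.append({"rule": "known_hash", "pid": pid, "image": image})
            # "Executes dropped EXE": the image was written earlier by the parent process.
            if image.lower() in dropped_by_pid.get(ev.get("ParentProcessId"), set()):
                findings.append({"rule": "executes_dropped_exe", "pid": pid, "image": image,
                                 "parent": ev["ParentProcessId"]})
    return findings


def summarize(findings):
    """Count findings per rule; a convenient target for a detection unit test."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
    print(summarize(hunt(SAMPLE_EVENTS)))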