Overview

overview

7

Static

static

3

e434ab8f22...af.exe

windows7-x64

7

e434ab8f22...af.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12-05-2024 05:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e434ab8f221e27b2a9d8b900111a28211e59b4cd375b65337ec611f5143900af.exe

  • Size

    2.7MB

  • MD5

    9e5da2de72a46d7b3a3b52c87f9e2f58

  • SHA1

    a6d0baaaeb79c59354e3b4f86a8fd8c0e02c5b99

  • SHA256

    e434ab8f221e27b2a9d8b900111a28211e59b4cd375b65337ec611f5143900af

  • SHA512

    b6c21a3c01753103d8d3eba3336c3fe56dc4289b8d6e7ac993ae8de024323b9163690bf1a78a6d7878b5a4a061fbc15e6ef1b5fd5ce5134d288f2035c2134048

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBO9w4Sx:+R0pI/IQlUoMPdmpSpc4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e434ab8f221e27b2a9d8b900111a28211e59b4cd375b65337ec611f5143900af.exe
    "C:\Users\Admin\AppData\Local\Temp\e434ab8f221e27b2a9d8b900111a28211e59b4cd375b65337ec611f5143900af.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\SysDrvLC\abodloc.exe
      C:\SysDrvLC\abodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2160

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZ0W\dobaloc.exe
    Filesize

    14KB

    MD5

    3ed08d693b317babf4a1816702acfdd0

    SHA1

    d80195aa289cbaee52acfecc4c9eab29ed3dea31

    SHA256

    d0ea3eb204fb4518d62ad6821690e91864d8535063915b32b4f876dfab3f033d

    SHA512

    6b81b52697973732bcefc930bb4e604d120c91e6a0f92526d1f1eb909f36eb6a6023b5ce53e71cebc787fc25242075bde5b6a1820662484647b1a87ec1572e99

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    94d7ea8109bf41787f325a98149780ee

    SHA1

    bde5d64c79dbc7611a3d2b35a92ec44db695c205

    SHA256

    89ca8d77387abbc94c33415fe36cea62d0ff5b0ddb7381b290728942f5cdf916

    SHA512

    3a4253bcf42303eaf2ce704b3b363135968e992f6a98826b5b7dd5010f7a9eb6e467bd87f2fef9cb3d85b0eedebb13de2edc262205db710bb07d64be78869567

    Download Submit

  • \SysDrvLC\abodloc.exe
    Filesize

    2.7MB

    MD5

    7261cdcd15deffe227e9d9b65c7fd357

    SHA1

    f909615ea0a21c33290968de3f9eb873f4a051e9

    SHA256

    a26ebc39ff12058641120f4060de49186b2afe7e25406f739e21bfc3ecab50dc

    SHA512

    5373544dfd03fa2cc22779a97934abd1c32878f1e86ce2b190315460822591a19a7855bb37ba4371a070527da6df7c290f4d62a8f7b181ee8fe12df68a73e94b

    Download Submit