Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/05/2024, 02:12

General

  • Target
    afc779712b01eb6aec174a2da6cbf5739cfbd3a866eabde5dc0fd527c42f7341.exe
  • Size
    2.7MB
  • MD5
    cb49ef5518dfa3dcf902c5b9fdde2e45
  • SHA1
    3249053aa5c45eb8fdf169d4290fa16d7e0ddd73
  • SHA256
    afc779712b01eb6aec174a2da6cbf5739cfbd3a866eabde5dc0fd527c42f7341
  • SHA512
    ae87b270940101ce6ca38fcfbab3028e2a6130a1b353b6693abac19baefa35c9cd51d9a755c33b0a860e21b695190826d4e6eed5b3c383a33d7a81b16772b903
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4Sx:+R0pI/IQlUoMPdmpSpk4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\afc779712b01eb6aec174a2da6cbf5739cfbd3a866eabde5dc0fd527c42f7341.exe (PID:1712)
    Command line: "C:\Users\Admin\AppData\Local\Temp\afc779712b01eb6aec174a2da6cbf5739cfbd3a866eabde5dc0fd527c42f7341.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\SysDrvXC\abodloc.exe (PID:1032, child of 1712)
      Command line: C:\SysDrvXC\abodloc.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 202B
    MD5: 473cc99ad7480bf85ca0e56c67d9d0cd
    SHA1: c2b7ec950a64841d26fd62a28cd877b9b0492fbb
    SHA256: 9e97143f71fe9a49ba5acb051fbf44c64ac8c6bba05e2fd9b6fcc4f9ac214927
    SHA512: 5890b8652bc9c4928a062c6fafaffb085d8d6352a9a73e6881d04a8d1d3915ad6f4eff21f0e6d384e70d0f1039b65c11f7ff5473e0a45d5f84409e6541664a74

  • C:\VidHX\bodaloc.exe
    Filesize: 2.7MB
    MD5: 0d59bcf29a8179df342324f8b3e09ee8
    SHA1: f26a29389d4f7912210175e8da2b4689a3c69ed4
    SHA256: 3c6425484c0271a5ec61546d3014691a1f297f193e7ead8ca1f8d1b11ec9e0e2
    SHA512: da7535903efad9c8a5e71af702179747ce9398aacbf013be283245c95625026c2bdf709fce67a76fae94a33a72240033dc23871428d48c637680058de025a0fa

  • \SysDrvXC\abodloc.exe
    Filesize: 2.7MB
    MD5: 1fc89a2fd9dfa1795079e72d7278eb86
    SHA1: aa72cd40dbed44d3c11fce89a5247c6af9d1f816
    SHA256: 1054f6e5deae17fe40574c31ed501705d55e33c5827284504ad2c9495ba13738
    SHA512: a0341ac9111b97d9c71aeee360f620d6a0350d97b0a1306c3c7074639a9354ffe2d14980e437fb23656b95dde0f16f7186accd5609f58c6d71da27525130fd1d