Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-05-2024 19:02

General

  • Target
    179ca6727f97a98d028ea98d2280f5bf58d1a8289208698a072cee6873f0fbf3.exe
  • Size
    2.7MB
  • MD5
    e9e77430a750d8a67d6d79b4613ac1b4
  • SHA1
    3e73a41f3f307fa30324c709579127cda31c41de
  • SHA256
    179ca6727f97a98d028ea98d2280f5bf58d1a8289208698a072cee6873f0fbf3
  • SHA512
    fb98d4b1eb529795221d857317a052079ce85f3e60935411419ee96e5b254477d1470579c2498c1dbf62f099a7a6813cb42ba18e723d5ab2bd0669ba9639b18a
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBX9w4Sx:+R0pI/IQlUoMPdmpSpf4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\179ca6727f97a98d028ea98d2280f5bf58d1a8289208698a072cee6873f0fbf3.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\179ca6727f97a98d028ea98d2280f5bf58d1a8289208698a072cee6873f0fbf3.exe"
    Depth: 1
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\SysDrvSY\devdobsys.exe
      Command line: C:\SysDrvSY\devdobsys.exe
      Depth: 2 (child of PID 2264)
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 204B
    MD5: 99c6cebc8fb8fed2364cc0a45be7f73c
    SHA1: e11d26040bd22fa93fda964fc5463f367bd6c749
    SHA256: f9677137fa17583c68073a7abb7561747a4138f278160279e157eca51d6312be
    SHA512: 2d3cebbb35c7acea7c1ac22939dfe6c3ab1fd4f72ff725f156ab544f21f8315dd946aa1718178da88459bd9eab59c6a7dd01bf73a5c7660d9e0c72f22e63a51a

  • C:\VidTK\bodaloc.exe
    Filesize: 2.7MB
    MD5: d13e256a8273797b456f1086a6f000a1
    SHA1: 1e10fbe59810bb5e59aed54bbab3165dc01e54f8
    SHA256: 02d8eddefbfae6e44d67c9decf3d3d3b9bb9ef2ca48b9ca63b94d77c8b23eb3f
    SHA512: 9982e1147b6765814e65199a2774dbe1daa6805302e4e01b927b9a4faa723c052ef841d6634b9365cdd672862e04cf32075df788bf39027f02f237c022dbf68f

  • \SysDrvSY\devdobsys.exe
    Filesize: 2.7MB
    MD5: f4049711dd3d1badf1d77e41cf662de6
    SHA1: 3c96ed7052a1d3769be739ceebcc2c99582b290a
    SHA256: cf818c3bb420fe1abcfcf23a173344493e38deccd5167d562f993989763ce502
    SHA512: b0484e9212d69212d70aa626851a9d1d071d8526cd3120aece0a244aa365526fabaee790e7a03e178e98bdde60cacf8cfc7c7f28739012179ffbce744e8ec780