Overview

overview

7

Static

static

3

751cafd747...21.exe

windows7-x64

7

751cafd747...21.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 02:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    751cafd7475c9e1e73acc2c0585696831cb2d8891085d30bf8c5fe7a0220b521.exe

  • Size

    2.7MB

  • MD5

    243c3f395dd317abc9b3f77a5eff6a90

  • SHA1

    a0917ec464cbe57f8cc3d296a6cd39e1818fc921

  • SHA256

    751cafd7475c9e1e73acc2c0585696831cb2d8891085d30bf8c5fe7a0220b521

  • SHA512

    1c0b0cf76ba7c133498a294b6000887db252f8e977a1f693dc1fb8ee0bc2b2d5a0ec39ba62a8937812a609d056cc1afe3ccceecee7dfd2bb6f206a450ad913f9

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBT9w4Sx:+R0pI/IQlUoMPdmpSpP4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\751cafd7475c9e1e73acc2c0585696831cb2d8891085d30bf8c5fe7a0220b521.exe
    "C:\Users\Admin\AppData\Local\Temp\751cafd7475c9e1e73acc2c0585696831cb2d8891085d30bf8c5fe7a0220b521.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4536
    • C:\FilesD4\xdobec.exe
      C:\FilesD4\xdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2308

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\FilesD4\xdobec.exe
    Filesize

    2.7MB

    MD5

    f3ada24882295259146097873ec97303

    SHA1

    73e8c07b32432a5b34d4b1eea85d975afb4ae3b8

    SHA256

    fadc7fb3f6a443f29c617bbd563dac612dc3cf814ef7170b7a209be61006fa88

    SHA512

    ebd6896c3aeb624ef8b2f269a5efa6e454244a0764994acb85cbde32af364ab35f87b4e4a8f41eded1e8484eb744f2f557af404ac815648990b3547612a151a9

    Download Submit
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    201B

    MD5

    b787009acd6063e0fe761e265f9c82af

    SHA1

    d8053c3bfe7a4a73f74bc724d331efd31ae79e75

    SHA256

    de896fe178788cdc938651ba3e879c124f98661984f2fb5ad8490c185d963142

    SHA512

    69f69eddc8628a5c4ffb4a8d14fa31d4bb938a3962d5bd742a2d84346ad9d46551da365ebffeea9793bf1d3380e3f6e5907ca64469d3544b299b9e1d5a68c82f

    Download Submit
  • C:\Vid4R\dobdevec.exe
    Filesize

    2.7MB

    MD5

    d77ccdec2b978c71547e0daa362f7343

    SHA1

    40d9c43242c22371cc45a4efe2d3390859683987

    SHA256

    f182b2f153c1d7610fbbed3b4eaa43a293a6921a01b7de6cc60fdb77230d6164

    SHA512

    b137f287729a48b954711724feb115b46610e0afbe6a95e3af40f02ffae0bdc355886abb043ff537e7e82d79e585c69f204e4273be3f6c65fd65e148464870cc

    Download Submit