Overview

overview

7

Static

static

3

0a0acad85e...56.exe

windows7-x64

7

0a0acad85e...56.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a0acad85ec0ca7f6f6cb01c6665a4cfa3455563fdd2f811a9b64156020cf156.exe

  • Size

    2.7MB

  • MD5

    b98091c8e54390d3e68b7c40f0e4d5ac

  • SHA1

    9258b69395f8135c932a720e8882ae8166e390be

  • SHA256

    0a0acad85ec0ca7f6f6cb01c6665a4cfa3455563fdd2f811a9b64156020cf156

  • SHA512

    f1640f38ed316c30ea5096e01460dc51a8fc3cd8f09470772fc0b6b808b0b999174a730dc5885e17b599e856f754ee988efb12aa0148de62d3c3c2c2520c9620

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBj9w4Sx:+R0pI/IQlUoMPdmpSpf4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a0acad85ec0ca7f6f6cb01c6665a4cfa3455563fdd2f811a9b64156020cf156.exe
    "C:\Users\Admin\AppData\Local\Temp\0a0acad85ec0ca7f6f6cb01c6665a4cfa3455563fdd2f811a9b64156020cf156.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\FilesSX\devoptiec.exe
      C:\FilesSX\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    201B

    MD5

    3da264316048f68212f455f847f34eca

    SHA1

    19cd6b63baf1bf300ee6521a8b5269971589ddb1

    SHA256

    6257b0f9c31730ff75cb2c9856ac2981a1554dbae3c7789a5cea8cc165611599

    SHA512

    8d2f6ea60f414d9e34d314b0ec0cfb9560d541fdca8005c98eeebf2493ef3f69c613cfd1880707f582c60ee9be01566fdaf615ef8628de4ebc910568f0a7322f

    Download Submit
  • C:\Vid13\bodasys.exe
    Filesize

    2.7MB

    MD5

    8fc14011aac5be90b125fdfb8ea29131

    SHA1

    3fd4691c54e8ac76357aa349cfdc7d8fc02b8175

    SHA256

    063c1dec8ff8236ca8f8806b21e69a50369f9639e49d6e4ef79ff596fda9aa25

    SHA512

    d60bb36cf8a26a073c95b612c118034e5c763f4b0be79de12c6c66d80d5ee6394499dc510b47d653c3a08ecaae73c4a49f49200b8817c32c43edf6cbf09505e2

    Download Submit
  • \FilesSX\devoptiec.exe
    Filesize

    2.7MB

    MD5

    1004cdb61f8bade80f874d878564fc0f

    SHA1

    a581ccfc495679c548a8f6ac3420ca118844f458

    SHA256

    8488c7c018207be4da5311d263d8a7f912dd299b8ee828a8120f5590879c2c2f

    SHA512

    b86ec5f5cdd8371bc21d9a2b487d9b6abaf52aad3361947173cb7f7b980477b1db8c3d400d5c3626e8b80985f4c86eb8829060805cc03a07451ad3c6d8087e0d

    Download Submit