Overview

overview

7

Static

static

3

38273ab30f...49.exe

windows7-x64

7

38273ab30f...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    23/05/2024, 20:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    38273ab30fde78c56a94bd024562a23abb0dabb439e5d0b095c474e44c0e3049.exe

  • Size

    4.1MB

  • MD5

    9001c37c00524efe8bc17d6d4d3bee74

  • SHA1

    c7ae34afd385c93bec1355f0f34d460d5dc43355

  • SHA256

    38273ab30fde78c56a94bd024562a23abb0dabb439e5d0b095c474e44c0e3049

  • SHA512

    6169b7fef9c0d81497a30afaddd5af8d608465b009ab54f39aab092bee538b7a590eb6d49a77d0f5532ebf16987f4bf9ecf23d91281ae6868d554c9940262aca

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpE4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmL5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38273ab30fde78c56a94bd024562a23abb0dabb439e5d0b095c474e44c0e3049.exe
    "C:\Users\Admin\AppData\Local\Temp\38273ab30fde78c56a94bd024562a23abb0dabb439e5d0b095c474e44c0e3049.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\FilesVJ\xbodloc.exe
      C:\FilesVJ\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2996

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\LabZGF\bodaec.exe
          Filesize

          4.1MB

          MD5

          63b819e7134bf7a2f9ac7ee21cec2f78

          SHA1

          0af1ffcc90c5a624da923e9be2b2e540c13a93c7

          SHA256

          79b941f4ad467f042dbac9a972f3f687d248cdd206ce35f5f7b7ad7b98ca69ca

          SHA512

          8b30c9554ccc753c3c2136d2e5a1837c0a086b6f55ce4a342d3bf345322efb04b42e94344319e624672f3d99ea3510ff8f83adbcd5d3a4e89b1dc9b6389da41a

          Download Submit

        • C:\Users\Admin\253086396416_6.1_Admin.ini
          Filesize

          200B

          MD5

          4880eb67f8415ba8e3129d67390c0aa9

          SHA1

          9acd75947fdacfa4eb778747af106992b048715c

          SHA256

          c5acd0c0457b91e926f4160a9ce01896f2eccff43eab948521b457315b792914

          SHA512

          51261089c678e3b301e86a8ed1afe68703e61cbbe5dd342956ad92ac5186e9f2b7092fceecabc449ca2c85833f3979febd467289155c9553b64940a67411ca3f

          Download Submit

        • \FilesVJ\xbodloc.exe
          Filesize

          4.1MB

          MD5

          c4346096808278efecc237dfdfd2ef13

          SHA1

          e5483c4fb9a488d1d82440cc748eec1bd73aa1bc

          SHA256

          3b72b9522efbcb1f67a89db7648db329951b985305fb89b7a8385826dcb08078

          SHA512

          b6254ccaa533a12d4ec8fcdd1a3aa77a1241532e020d19292127e923a24b00fa28b04e6bbe0f17797cc50ca1ef86f796e4fec31080918ec8333728d65253e1b7

          Download Submit