Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    24-05-2024 02:32

General

  • Target

    bbe92161b61463b7e05160fe70372d10d288eb1ce5c29a039fae2bcb9896cc6c.exe

  • Size

    3.3MB

  • MD5

    819af5ef27a8c0475785fc53787bbb59

  • SHA1

    f14e4b56b60836ec55da20336a713683fc51d08e

  • SHA256

    bbe92161b61463b7e05160fe70372d10d288eb1ce5c29a039fae2bcb9896cc6c

  • SHA512

    77fab1fcdde02f0bee992f1dc49d8d404b86f06375051ea3035a74e88736a18a656d5bb7f42489a5d3a8ec14000ddeb79b14268609c53062bead098b6a9a99aa

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBD9w4SLDtnkgXL35xZzlPBq4:+R0pI/IQlUoMPdmpSpD4ADtnkgvNW

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bbe92161b61463b7e05160fe70372d10d288eb1ce5c29a039fae2bcb9896cc6c.exe
    "C:\Users\Admin\AppData\Local\Temp\bbe92161b61463b7e05160fe70372d10d288eb1ce5c29a039fae2bcb9896cc6c.exe"
    1
    • Adds Run key to start application
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\FilesTN\devbodsys.exe
      C:\FilesTN\devbodsys.exe
      2
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2432

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesTN\devbodsys.exe
    Filesize

    3.3MB

    MD5

    e86aa2a15806dbb618af217514a3c6d7

    SHA1

    55e82aa5e929273f03bbd0845d23a984cf05dd31

    SHA256

    876e34796dc9b4d8ec91fa2a4b66951b5774a3e6fe718888ee2d0882c0a459d7

    SHA512

    a813648a22a1a0894a88e18ad1d863a06f3ea0036f4959b8766a49ef802764609548d537b0cbb4a2cc1b28d44edffaa67ed5f0bf89653990d4d3729b07b6504a

  • C:\MintUS\bodaloc.exe
    Filesize

    3.3MB

    MD5

    74cdea69c8de6a37d2fc0b1f6de3afb6

    SHA1

    3e15a7db7166d94a9871434ba0960ca7efb9130f

    SHA256

    eaaaa570a4b4a80b358b0fc2b28a278505e9be8b8ac1637109d0a27dd55a4ccc

    SHA512

    6d712872502f6e84a2d764fb86e1f0ecc2ac3661eebb1bd9f86509d240c7cc4bc84f9789e406bad72fff9a978ef95cae7605258ef09c6dc6e3be6a46b7619592

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    206B

    MD5

    93d87e7a3aea30d304e03282d09f6812

    SHA1

    2a827da7aa9c3014be56b51446b6550791788406

    SHA256

    6537dcde02fb2511cab0b4877510e05b2668229e0f53c486a52cfc8cd9bb4c38

    SHA512

    9b92acc13c88ea2a72aae2bcabaa27a75b11938008f10fd190ff101ef18dc9a5b8771076c4722941b18818a98219bc8c7ca77caa58b274a3a7eb5339571c9d5d