Overview

overview

7

Static

static

3

bd560551f6...d5.exe

windows7-x64

7

bd560551f6...d5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 02:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd560551f6ee7ad48ad2c0f3200be31e817530249c58ef546b9e7ad1a217eed5.exe

  • Size

    2.7MB

  • MD5

    ba8da79ff4c0f57018fd29846eed383a

  • SHA1

    be836b2d51d2e96aea4635bca73c3afa297d4def

  • SHA256

    bd560551f6ee7ad48ad2c0f3200be31e817530249c58ef546b9e7ad1a217eed5

  • SHA512

    6c8c75e214b9bac0292481e53d3b401599ea9187cf2baa58b0f27ebaa76d12249892473d4e6afefb494314deba824db8917844deacd7a6d40d09ca32081df239

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBa9w4Sx:+R0pI/IQlUoMPdmpSpM4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd560551f6ee7ad48ad2c0f3200be31e817530249c58ef546b9e7ad1a217eed5.exe
    "C:\Users\Admin\AppData\Local\Temp\bd560551f6ee7ad48ad2c0f3200be31e817530249c58ef546b9e7ad1a217eed5.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Files3C\xdobec.exe
      C:\Files3C\xdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZ0Z\dobaec.exe
    Filesize

    2.7MB

    MD5

    2b1e70b0960d66315d9878e6cddc7a35

    SHA1

    878df2d474d2e1cf6e6e08c575c96e915538a336

    SHA256

    a60a72eba97686a9a4207c919d2204bad106be0d8007311533700fc6e94192ee

    SHA512

    931d875435741e24ea099765f97bd979296ab9503e385a5bef376d0db55db809688dc2560962b352798fa741d739489bf311085b5cb71a82cc4b1b6e88eb48b8

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    199B

    MD5

    c478f867dcd43862661052b4d09a6298

    SHA1

    42a5871d72b60045b79476fb2e13c2ef1e5c900f

    SHA256

    4ded21f008525ea6a6ce86bddeaca0e7ed4d9a9019a750bc35397572360508c7

    SHA512

    7a134dc3259326fb1665ccb0454263d724795179a60eb2582be35c2cc890239c9aa3c899c6dfcc70ec2f645f89b36c7e60964330c9355375b668bce65f911e5e

    Download Submit
  • \Files3C\xdobec.exe
    Filesize

    2.7MB

    MD5

    ce78761b0bae63abbcd2feb5d91757b1

    SHA1

    78ccc5ecd86ebe24c43f8842b318b23a8229f19b

    SHA256

    839ea1284b58e9c093924d7bac122f9ae8f192c81b96066e0f146df319751309

    SHA512

    fe8d39279397420dd94f9b7b68952b77b932e35a6331cdc4efbc80c8587a569b712f5511b69f103630096f6186c80deb3d2270f292beb140943adb6761036337

    Download Submit