Overview

overview

7

Static

static

3

bd9857191b...fa.exe

windows7-x64

7

bd9857191b...fa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd9857191bf5d5e8fb91bdf7acafab28a6e06b2388df952b2c800c4b1797a6fa.exe

  • Size

    2.7MB

  • MD5

    878a5af8462d695bbed227da3cc0cf1d

  • SHA1

    0279449e074e65c6ce0e364e4358ef3f9f4c8bb1

  • SHA256

    bd9857191bf5d5e8fb91bdf7acafab28a6e06b2388df952b2c800c4b1797a6fa

  • SHA512

    f529bf632f4f747a83fca8a937a9e7280ad444b8282dcbe7fb36cc76aaf4ea285f6b90bb84a399659f09b70f0b583eb95a427ab4f7fbdab01c23bb968f57af38

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBo9w4Sx:+R0pI/IQlUoMPdmpSpe4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd9857191bf5d5e8fb91bdf7acafab28a6e06b2388df952b2c800c4b1797a6fa.exe
    "C:\Users\Admin\AppData\Local\Temp\bd9857191bf5d5e8fb91bdf7acafab28a6e06b2388df952b2c800c4b1797a6fa.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\IntelprocRO\devdobsys.exe
      C:\IntelprocRO\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVB7R\optialoc.exe
    Filesize

    2.7MB

    MD5

    1aa48be0533ab67d774bc7b4147a4d06

    SHA1

    49bb86279889f548dc727be7ba76a42e0d9faf4c

    SHA256

    ed99495f522296f0d2d4b1b1b760f28ca9175b157e09beb68743be73c03c4262

    SHA512

    e9101013695ca031af5afbf374179bd90cc910575243ea4c6e31c810c0979faae92998b45b02a9f153c4a640b26f95f41b02b648120c1a3fd40a67e6782fb601

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    207B

    MD5

    4ec5a5842ab9c21f2b5f3e7f648be9c9

    SHA1

    f369a453418eb429a815e46c9d4d3a76babbc2cb

    SHA256

    651c84c7d2316050020688feecae2bb0e02487518c417cc52f7a707611b4ade8

    SHA512

    ecfb88f6b08504e7aad0ccf5401ecf3793e5ea42610c3a49cafeb851173c14b7ffb07411ad26e4539c4d95f9bf73bd35732edda8b1cb42dca5c7e6f9b156dfa5

    Download Submit
  • \IntelprocRO\devdobsys.exe
    Filesize

    2.7MB

    MD5

    2ae5f5d15d6cec72670865869ce86925

    SHA1

    36f6c54bcee241b864ed45ff27cefc0588eb4233

    SHA256

    40133df78f19a69b2142ceeed4c68c7fa5e9220d4d027920f9bca57dea2a0199

    SHA512

    df6964d121e2dc6e824af88534171ee78858e67a25d88d855609c737f17e2f9dcc451bfc350dec141f4eb1c088997c3d6e35af6f2c812994d353bb7f6b5bd867

    Download Submit