Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-05-2024 02:36

General

  • Target

    bd9857191bf5d5e8fb91bdf7acafab28a6e06b2388df952b2c800c4b1797a6fa.exe

  • Size

    2.7MB

  • MD5

    878a5af8462d695bbed227da3cc0cf1d

  • SHA1

    0279449e074e65c6ce0e364e4358ef3f9f4c8bb1

  • SHA256

    bd9857191bf5d5e8fb91bdf7acafab28a6e06b2388df952b2c800c4b1797a6fa

  • SHA512

    f529bf632f4f747a83fca8a937a9e7280ad444b8282dcbe7fb36cc76aaf4ea285f6b90bb84a399659f09b70f0b583eb95a427ab4f7fbdab01c23bb968f57af38

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBo9w4Sx:+R0pI/IQlUoMPdmpSpe4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd9857191bf5d5e8fb91bdf7acafab28a6e06b2388df952b2c800c4b1797a6fa.exe
    "C:\Users\Admin\AppData\Local\Temp\bd9857191bf5d5e8fb91bdf7acafab28a6e06b2388df952b2c800c4b1797a6fa.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\FilesWN\devbodloc.exe
      C:\FilesWN\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1244
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4612,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4432 /prefetch:8
    1⤵
      PID:836

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\FilesWN\devbodloc.exe
      Filesize

      2.7MB

      MD5

      0b06d53d4f574f860bc202c6d8302019

      SHA1

      c7781fd30d3e1c1721aad061caf603a76ce7f27b

      SHA256

      088c83a0e5b3459e132626e9055b40a77a79595eacdfd6b84b238d07aee61430

      SHA512

      82ae953e927428f0ea04d53a915c3f3aefd6c4df637a2bfa30f19fd914c14ed8e76bbde5ee1938374fc4bc2c1d37ef1bd805bb268fb0e6803080ee21a266e0cb

    • C:\Mint9X\optialoc.exe
      Filesize

      7KB

      MD5

      2a66be02c3c27b489db2b8f5953bfa44

      SHA1

      242635a3ee1d142a92bde39c7a1cc5f12f53958b

      SHA256

      03c57c4403a457ba972b4a8fdf0a50876ef50b8a586b9366482ff3c6b84629f8

      SHA512

      8aaf81d458a35a958dddb5bc34416bc1e466d0c165d37c2b731745a84fe3083d42dafb1a1f3ef64045127ac64eba2d82205268cb3b08604e71997aec0d2ce625

    • C:\Users\Admin\253086396416_10.0_Admin.ini
      Filesize

      204B

      MD5

      7492d50b0a9fb2fc684aad209753e2dc

      SHA1

      1e80dd0c6a353f0108488376b0911ced2dc503c3

      SHA256

      603969a893741b459a86247a4aa14d5670cfbd4db078cb898dfff0c6dc237a49

      SHA512

      dcb1554411537048f6ee44634cf0c86b4caefbb504f43d701935286d693262d88e1b3435ad657b6430281170225ec1381416bc77f15d669c749979c96c4c4ecb
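
    The hashes and drop paths above are the actionable part of this report for an incident responder. As an added example (not the sandbox's or the report's own tooling), the Python script below transcribes them into a small hunting check that walks a mounted disk image or a live filesystem, hashes each file once, and flags anything whose SHA256 matches the submitted sample or one of the dropped files, or that lives in one of the directories the sample created (FilesWN, Mint9X). Assumptions, not taken from the report: that those directory names are not used by legitimate software on the estate, and that the report's hashes are exact (the sizes shown are rounded, so size is not used as an indicator).

```python
import hashlib
import os
from pathlib import Path, PureWindowsPath

# Indicators transcribed from the report's "Downloads" section: SHA256 -> observed path.
DROPPED_FILES = {
    "088c83a0e5b3459e132626e9055b40a77a79595eacdfd6b84b238d07aee61430":
        r"C:\FilesWN\devbodloc.exe",
    "03c57c4403a457ba972b4a8fdf0a50876ef50b8a586b9366482ff3c6b84629f8":
        r"C:\Mint9X\optialoc.exe",
    "603969a893741b459a86247a4aa14d5670cfbd4db078cb898dfff0c6dc237a49":
        r"C:\Users\Admin\253086396416_10.0_Admin.ini",
}
# SHA256 of the submitted sample (report "General" section).
SAMPLE_SHA256 = "bd9857191bf5d5e8fb91bdf7acafab28a6e06b2388df952b2c800c4b1797a6fa"

# Directory names the sample wrote into. Assumption: no legitimate software on the
# estate uses these names, so any file under them is worth a look.
DROP_DIR_NAMES = ("fileswn", "mint9x")


def file_digests(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256/sha512 hex digests of a file, reading it once in chunks."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashes.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashes.items()}


def classify_hash(sha256):
    """Map a SHA256 (any case) to the report artifact it matches, or None."""
    sha256 = sha256.lower()
    if sha256 == SAMPLE_SHA256:
        return "submitted sample"
    return DROPPED_FILES.get(sha256)


def is_drop_path(path):
    """True if any directory component of the path is one of the sample's drop dirs.

    PureWindowsPath splits on both '\\' and '/', so this works for native Windows
    paths and for an image mounted under e.g. /mnt/img on Linux.
    """
    parts = [p.lower() for p in PureWindowsPath(str(path)).parts]
    return any(name in parts for name in DROP_DIR_NAMES)


def scan_tree(root):
    """Walk root and return (path, reason) for every file that matches an indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            reasons = []
            if is_drop_path(full):
                reasons.append("path under known drop directory")
            try:
                label = classify_hash(file_digests(full)["sha256"])
            except OSError:
                continue  # unreadable or vanished; skip rather than abort the sweep
            if label:
                reasons.append(f"sha256 matches report artifact: {label}")
            if reasons:
                hits.append((str(full), "; ".join(reasons)))
    return hits


if __name__ == "__main__":
    import sys

    for hit_path, reason in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{hit_path}\t{reason}")
```

    Run it as `python hunt.py /mnt/img` (or `C:\` on a live host). A path hit without a hash hit means the directory exists but its contents differ from what the sandbox captured, which is still worth triaging since the dropped loader may be rebuilt per victim; a hash hit is a confirmed artifact. The report only names the Run-key behaviour without showing the value written, so this script deliberately does not guess at a registry indicator.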