Overview

overview

7

Static

static

3

bde1375791...b9.exe

windows7-x64

7

bde1375791...b9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 02:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bde1375791c43560474c980757fc957bf9a8d4b072c840ea40e9df22679a69b9.exe

  • Size

    2.7MB

  • MD5

    9dc8c6baa1b6ecf6bdb561b598af3986

  • SHA1

    b4397f53f217ba282c305f7fb7a94f58832a6846

  • SHA256

    bde1375791c43560474c980757fc957bf9a8d4b072c840ea40e9df22679a69b9

  • SHA512

    469daa5c87ed07a95d9656f3940dc6817a128f64f113b67274cd5f6627be1893b2c01cb158f729268a480d790f178c85b49daaf4074a11086bb031e366075c5c

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBN9w4Sx:+R0pI/IQlUoMPdmpSpx4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bde1375791c43560474c980757fc957bf9a8d4b072c840ea40e9df22679a69b9.exe
    "C:\Users\Admin\AppData\Local\Temp\bde1375791c43560474c980757fc957bf9a8d4b072c840ea40e9df22679a69b9.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\UserDotPP\devdobsys.exe
      C:\UserDotPP\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2156

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxFZ\dobdevloc.exe
    Filesize

    2.7MB

    MD5

    394513d9bd9e316f4224f26bc24d5397

    SHA1

    a8af651506b105faa965549f3d3e915720c3099e

    SHA256

    cf4a84f945b735199c4ec06fdb61173f495ec16902c8103365ae7aa4f84f69d2

    SHA512

    8b65ca8faa5ef082075002fb228bb67b1d22343ad1847d38aab0f2383d0d8ca6fe952172b1bff30edb06d51829b429d0bd109ef0e256787c7c60a2eb5c93de8d

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    206B

    MD5

    d4279729c47f026c2ad400845733630a

    SHA1

    13e51044d7ecf96bdcc177b94fe64214a481e4ae

    SHA256

    ae6af6163795a4d944c2d9450d895f51d41d622a84da4d8227fd3ad557b062f7

    SHA512

    61788092ad716a945a9d8fbcbc65fb79ca755fa962b3210456850437fe91c008e45e9e5ed2fe6c9ae488054c3ff4cada8383480d13ff51175cd89fe7eb75d203

    Download Submit
  • \UserDotPP\devdobsys.exe
    Filesize

    2.7MB

    MD5

    be91658053b1f6aaf1f58ea8645db748

    SHA1

    09b83d857ab19bce99ca02fdc95fd570ce2009d7

    SHA256

    67f65961f8149bfb93e473a9306e53a7307c8a125e68ccb0091a5d1f899d889a

    SHA512

    a6b6f802b700946daad35e62ce92908a643d6c9dc426cd12a2e71e693e04114eacfc0323d8c47b1033dab93e0951ea550ed2acda99dc172a17c278c8a45fc72a

    Download Submit