Overview

overview

7

Static

static

3

bb6406f34e...47.exe

windows7-x64

7

bb6406f34e...47.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb6406f34e47e30a9f8ef775727466eb4468e4e3afdd17b91c6aae9652fa7a47.exe

  • Size

    2.7MB

  • MD5

    848e8d4f0808a3317a8f9c2f1e9327ee

  • SHA1

    21886093b900bd2d384ab4ad05d9746843714d4b

  • SHA256

    bb6406f34e47e30a9f8ef775727466eb4468e4e3afdd17b91c6aae9652fa7a47

  • SHA512

    29b7b4eebbce08b64a91b86ea72fa92b6328e44997e04dbd07e5ddc19c75a76f4f3674cc2e91f3cf71eda8213a8f1fda7e0e9ac2c7cd985ba08a6124372704a5

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBP9w4Sx:+R0pI/IQlUoMPdmpSpD4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb6406f34e47e30a9f8ef775727466eb4468e4e3afdd17b91c6aae9652fa7a47.exe
    "C:\Users\Admin\AppData\Local\Temp\bb6406f34e47e30a9f8ef775727466eb4468e4e3afdd17b91c6aae9652fa7a47.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\FilesG7\devbodec.exe
      C:\FilesG7\devbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2148

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBS1\dobdevloc.exe
    Filesize

    2.7MB

    MD5

    215ef87e1c1b322d22b8bd9a90e7b587

    SHA1

    fa2622c75b8fc9baad5d6833cfa8a89848b91e1d

    SHA256

    93e99446c8755d54ad2f25a6def0f57128b4a9643c62db0aacbba7352cc7c06d

    SHA512

    6b1c7d6a6fcb1383d0d6d6ca7ddccb249adb9292bae3400f2d87b631f7a0fd691c1c71619be3d2233d97bd0a4a061f2384007f74da1b91bddd6d9ca734c776a6

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    207B

    MD5

    766bb29f336d26a3d073b25e1387abe9

    SHA1

    1dfc85c980f1331742160e972422d72c8ab70566

    SHA256

    0e01f4aa3006cbd60f803cd20a4819ffeb3d4dc6deea307b0d61f1c93046bbf0

    SHA512

    9cf2d53e1d3073103038b63f8cafbf13f9c532c3cb07cb46b8a8778d8688992f016eec173afdf3315c640e3dd41bbe7b80d8d4f02167a7efee7ee2fb8fb51af5

    Download Submit
  • \FilesG7\devbodec.exe
    Filesize

    2.7MB

    MD5

    62cadca3cc67d6f1b6f8a7f179614a49

    SHA1

    4a560bf1547de5d4ec731ea44993846471abfb82

    SHA256

    04dbfca5ec7e7fbd5953af4eb82ebc6ee6caa9cf2e832a669a05b6ecf4d43462

    SHA512

    a7f193fa8a0fb7f5912d60b9c5f869f608e25958857348f0e830e310bc814daa45c51b748cc232803be54d728964f59b00590d11265b88c17285a6494527c273

    Download Submit