Overview

overview

7

Static

static

3

bb6406f34e...47.exe

windows7-x64

7

bb6406f34e...47.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb6406f34e47e30a9f8ef775727466eb4468e4e3afdd17b91c6aae9652fa7a47.exe

  • Size

    2.7MB

  • MD5

    848e8d4f0808a3317a8f9c2f1e9327ee

  • SHA1

    21886093b900bd2d384ab4ad05d9746843714d4b

  • SHA256

    bb6406f34e47e30a9f8ef775727466eb4468e4e3afdd17b91c6aae9652fa7a47

  • SHA512

    29b7b4eebbce08b64a91b86ea72fa92b6328e44997e04dbd07e5ddc19c75a76f4f3674cc2e91f3cf71eda8213a8f1fda7e0e9ac2c7cd985ba08a6124372704a5

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBP9w4Sx:+R0pI/IQlUoMPdmpSpD4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb6406f34e47e30a9f8ef775727466eb4468e4e3afdd17b91c6aae9652fa7a47.exe
    "C:\Users\Admin\AppData\Local\Temp\bb6406f34e47e30a9f8ef775727466eb4468e4e3afdd17b91c6aae9652fa7a47.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:932
    • C:\SysDrvY6\xbodsys.exe
      C:\SysDrvY6\xbodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\SysDrvY6\xbodsys.exe
    Filesize

    2.7MB

    MD5

    8ac4b84b6b7ab6e369997f8338d93d74

    SHA1

    1629e51328d97b7e9f6b2d9970af2042b636dbb0

    SHA256

    0c5977fdb28bab244b2b58b1007c52e7e81c1e3bb4513f3002452f4b2cbbb1a4

    SHA512

    007a53d83d1aec5471efb310185308cb1dd417cec0f2b838801835d8bd697240972e93e403795d861a53871087ca4640f0a396f5406997c1cc1586454f5c8f63

    Download Submit
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    201B

    MD5

    f3d8f5c8a721b22ae6c39249f15803dd

    SHA1

    6afcae4c8978e318056ee9179989aee5d4c05e0c

    SHA256

    d6ce95aa437fe38cc2da8e5c3b29478a68cca8d163e77eda6a25f47cd92050e1

    SHA512

    ba96a8d1d0f1ae18e6075715613edb3b8bbfb4a860bbec05dddec6574769e412ceb851799e4a984981bade5e096c345cff69195bee4932c30f02ef55b172fb93

    Download Submit
  • C:\VidSN\optialoc.exe
    Filesize

    2.7MB

    MD5

    0b58fa5e7dcd0592daacbfbaef53b902

    SHA1

    2671beca1b93973b8cd3eb7e83a759fa19e6ca13

    SHA256

    550d723fe1617e9d32ea3476f34aa2d46c766e4a7c53998481b6c4a0f1c80fed

    SHA512

    01b40e4c66c19110c044d5d19e96dc6ca2e9fbb966fa597b09ca6101158e952e706d67369eafb42dac7acde3c18efcf708696af52f234065bf3c05ab79d67ae1

    Download Submit