Overview

overview

7

Static

static

3

d297372f6a...d2.exe

windows7-x64

7

d297372f6a...d2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d297372f6aa980a6c073350ac4a65ca2f79559785fd92bbfb36d2d03daf5add2.exe

  • Size

    4.1MB

  • MD5

    a79ae264c094f4fa71a7916e00e3d723

  • SHA1

    75e9656a5590919ca495cb8f0a2444c4924fd0ed

  • SHA256

    d297372f6aa980a6c073350ac4a65ca2f79559785fd92bbfb36d2d03daf5add2

  • SHA512

    af5a4f351ac5707cbff8512752d45045cb65d553bc54d578dd7eaa05b0f4a73013166a08ae2722fb31bd92e7849c45b3918027e41a7cda7725b890e3e7a74387

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpr4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmc5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d297372f6aa980a6c073350ac4a65ca2f79559785fd92bbfb36d2d03daf5add2.exe
    "C:\Users\Admin\AppData\Local\Temp\d297372f6aa980a6c073350ac4a65ca2f79559785fd92bbfb36d2d03daf5add2.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\FilesXM\devbodsys.exe
      C:\FilesXM\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1732

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVB8Z\boddevloc.exe
    Filesize

    4.1MB

    MD5

    d70be431f9c19a54f3fab0003af7b415

    SHA1

    90d54a631ebea91b7b6093b697de86d6a96b84f8

    SHA256

    5496a6825cc311343f2c01565ccf306cf41abcf3e7ed48fa6d171ec0a529c593

    SHA512

    47b8842ff7c5d9941967415d829f4157bafa7077c054dcc0fe343613c3796437f27218b818de14ad52aa6fd5483ab7e2edd3d5f3714f61165d391455096f004e

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    206B

    MD5

    db1d47b2eef2ecdc94f6f4a165c5ba5a

    SHA1

    82a5f1312226805259dd9062da1d573ace9facc0

    SHA256

    11c3b3859d379342c1e4ccb3595755e11c4620059c87dc73cda32d98c609ff5e

    SHA512

    e5ff595bd0b24d221a55f23630472cd807be72dde90b8bdcbc7a8fcd8c718aa1d379574977bdeb8a1ce55fab95a03ce4d49f23027aa295450a57b194da0df583

    Download Submit
  • \FilesXM\devbodsys.exe
    Filesize

    4.1MB

    MD5

    d610cb2359ff219e1948103a004c402f

    SHA1

    9284b84b6298d55fd6e005e8d31c61bb1ec67615

    SHA256

    537e7cdc60bfe3935d9edef98b87bfb8cd44481f78e442a74827eca64d5cb0f5

    SHA512

    31b8099ecfc93d7d38afbf1a1136b0d561941ccd161510823ef5957438c31bd3b2f762df8833dda1cb3737aa4109065e6709f6445d0369de41fca1957ec62d74

    Download Submit