Overview

overview

7

Static

static

3

d297372f6a...d2.exe

windows7-x64

7

d297372f6a...d2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d297372f6aa980a6c073350ac4a65ca2f79559785fd92bbfb36d2d03daf5add2.exe

  • Size

    4.1MB

  • MD5

    a79ae264c094f4fa71a7916e00e3d723

  • SHA1

    75e9656a5590919ca495cb8f0a2444c4924fd0ed

  • SHA256

    d297372f6aa980a6c073350ac4a65ca2f79559785fd92bbfb36d2d03daf5add2

  • SHA512

    af5a4f351ac5707cbff8512752d45045cb65d553bc54d578dd7eaa05b0f4a73013166a08ae2722fb31bd92e7849c45b3918027e41a7cda7725b890e3e7a74387

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpr4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmc5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d297372f6aa980a6c073350ac4a65ca2f79559785fd92bbfb36d2d03daf5add2.exe
    "C:\Users\Admin\AppData\Local\Temp\d297372f6aa980a6c073350ac4a65ca2f79559785fd92bbfb36d2d03daf5add2.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3572
    • C:\IntelprocST\xdobloc.exe
      C:\IntelprocST\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\IntelprocST\xdobloc.exe
    Filesize

    4.1MB

    MD5

    f4a6c510891ca3d974f56732b086121f

    SHA1

    55a7ee943879cbfc6f6d64d641689d0b35d1eb2e

    SHA256

    550fbf0bfde0ca4130f2cb327ac0d82e2a453d85e89cb7d82a499bc7274b3d1e

    SHA512

    084d24338ca8a33ce5ef3e203c066f7460d3b1eb33efd88f337fe73e9cc7fcb456ee6af1a8914e559451b2172a37c81339933245966e60efba2df60e902d4456

    Download Submit
  • C:\LabZXD\bodxloc.exe
    Filesize

    4.1MB

    MD5

    f8101e07547005e421623b165c5f9dbc

    SHA1

    63c83d80b7c284fbb9acdf7857d6d86ba68b5fb8

    SHA256

    b333bc3837f68098ad0d17611bbbd6aac213f2a1f85ee4fb743f967bf16dc3c8

    SHA512

    198fdf8b1297629d9747bcd0593e699029eb176b55cc3fd7a8264ce5da7c0066da6dfa6f72ccbe129a591eb3e83e6e77a7e524a8a45d91ad3040aea7e4058447

    Download Submit
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    b976d4e021d83a268f392e6d5d302b68

    SHA1

    8d24456aff6a6af260765ff1900988c1948cde0e

    SHA256

    1b6521e7538c0b1d12cf58203afd0945c64cb0223cc2efd4e34431c25581228e

    SHA512

    c61090f5a52fc533b15c476af15bdc5860515f64fb7e6339492d056c86219c4d7bf39705bcce80b9e7eb221dc7a190dbe7e81ec00c9d70850a5f5a1d38d444b9

    Download Submit