Analysis
max time kernel: 149s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-05-2024 03:05
Static task: static1
Behavioral task: behavioral1
  Sample: c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe
  Resource: win10v2004-20240508-en
General
Target: c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe
Size: 2.7MB
MD5: b06f2149acb5ffdb64375948c5638153
SHA1: 13cf2cece119926cc3e36bff3447dc69cd12b7c4
SHA256: c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66
SHA512: f21ba228641a2b9efbabb123b877262d40860801502ae489967f6cdbcaa346adc3e732c2f74b209e7f7fb6e949dc7cc68732f82926000deca3a468a148ff2ada
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpb4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes:
    pid 2128  xdobsys.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Processes:
    Set value (str)  \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotCG\\xdobsys.exe"  by c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe
    Set value (str)  \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintL2\\dobxsys.exe"  by c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Processes (the same two pid/process pairs recur across all 64 entries):
    pid 4304  c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe
    pid 2128  xdobsys.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    PID 4304 wrote to memory of 2128  c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe -> xdobsys.exe
    PID 4304 wrote to memory of 2128  c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe -> xdobsys.exe
    PID 4304 wrote to memory of 2128  c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe -> xdobsys.exe
Processes
[1] C:\Users\Admin\AppData\Local\Temp\c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe"
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    [2] C:\UserDotCG\xdobsys.exe
        Command line: C:\UserDotCG\xdobsys.exe
        - Executes dropped EXE
        - Suspicious behavior: EnumeratesProcesses
[1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4456,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
- C:\MintL2\dobxsys.exe
  Filesize: 2.7MB
  MD5: 76897b61d19c038b9de3e1eeeeb9c73f
  SHA1: 376efce88538ac54e0decd43fda51ab7923abb54
  SHA256: b41deab0d96fd21976c6263acd40d95bbfc831d36af077520017e30f008d425b
  SHA512: 5a38cede1bb9add66ef4c2ef72411b9d1d668dc8282e75a6e45a1718b29ce6765e1464e3f747b9fcbd0e2cafb70eb78458aa8abdcb07c82b667745610f506c55
- C:\UserDotCG\xdobsys.exe
  Filesize: 2.7MB
  MD5: 2325453338a4cc7c79599334a925caea
  SHA1: 6a47090fb722c4400053df1f20893a4dea1e908a
  SHA256: 57fb37dfd0bf049ea63792d985c72babb37096f32419f6c087e2bf36c29b92af
  SHA512: e7f4c2f97a0d0418a7164617d9c215ef901ea31f9bfa716e7e6eafa6a3e203d703a1e16ad07b78055966ed92bb39ff2198715ac67e3f27635309381b7e8315dc
- C:\Users\Admin\253086396416_10.0_Admin.ini
  Filesize: 203B
  MD5: 29d757bef6da58cd60686e91b45069f9
  SHA1: b9b686c56913db149d3aabe3e788aacea86995a9
  SHA256: 0be230858326609671f70cf409737e7c52d753df5ba3289efec366fe6e5d8928
  SHA512: 16606cd32964f9b407d0979c4ca76aa6d5bda120d67232a8bd2c11281e075d4b64268d9f7b91a2c010df46920195fad4b92f6e2458eaaea26248583a64911696