Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-05-2024 03:05

General

  • Target

    c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe

  • Size

    2.7MB

  • MD5

    b06f2149acb5ffdb64375948c5638153

  • SHA1

    13cf2cece119926cc3e36bff3447dc69cd12b7c4

  • SHA256

    c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66

  • SHA512

    f21ba228641a2b9efbabb123b877262d40860801502ae489967f6cdbcaa346adc3e732c2f74b209e7f7fb6e949dc7cc68732f82926000deca3a468a148ff2ada

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpb4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe
    "C:\Users\Admin\AppData\Local\Temp\c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4304
    • C:\UserDotCG\xdobsys.exe
      C:\UserDotCG\xdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2128
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4456,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
    1⤵
      PID:3516

    Network

    MITRE ATT&CK Matrix (ATT&CK v13)

    Tactic                Technique                                        Count
    Persistence           Boot or Logon Autostart Execution (T1547)        1
    Persistence           Registry Run Keys / Startup Folder (T1547.001)   1
    Privilege Escalation  Boot or Logon Autostart Execution (T1547)        1
    Privilege Escalation  Registry Run Keys / Startup Folder (T1547.001)   1
    Defense Evasion       Modify Registry (T1112)                          1


    Downloads

    • C:\MintL2\dobxsys.exe
      Filesize

      2.7MB

      MD5

      76897b61d19c038b9de3e1eeeeb9c73f

      SHA1

      376efce88538ac54e0decd43fda51ab7923abb54

      SHA256

      b41deab0d96fd21976c6263acd40d95bbfc831d36af077520017e30f008d425b

      SHA512

      5a38cede1bb9add66ef4c2ef72411b9d1d668dc8282e75a6e45a1718b29ce6765e1464e3f747b9fcbd0e2cafb70eb78458aa8abdcb07c82b667745610f506c55

    • C:\UserDotCG\xdobsys.exe
      Filesize

      2.7MB

      MD5

      2325453338a4cc7c79599334a925caea

      SHA1

      6a47090fb722c4400053df1f20893a4dea1e908a

      SHA256

      57fb37dfd0bf049ea63792d985c72babb37096f32419f6c087e2bf36c29b92af

      SHA512

      e7f4c2f97a0d0418a7164617d9c215ef901ea31f9bfa716e7e6eafa6a3e203d703a1e16ad07b78055966ed92bb39ff2198715ac67e3f27635309381b7e8315dc

    • C:\Users\Admin\253086396416_10.0_Admin.ini
      Filesize

      203B

      MD5

      29d757bef6da58cd60686e91b45069f9

      SHA1

      b9b686c56913db149d3aabe3e788aacea86995a9

      SHA256

      0be230858326609671f70cf409737e7c52d753df5ba3289efec366fe6e5d8928

      SHA512

      16606cd32964f9b407d0979c4ca76aa6d5bda120d67232a8bd2c11281e075d4b64268d9f7b91a2c010df46920195fad4b92f6e2458eaaea26248583a64911696
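    Host triage script for the indicators above (an added example, not part of the sandbox output). It hashes everything in the two drop directories against the three SHA256 values in this report rather than looking only for the two observed file names, so a renamed copy of either payload is still caught; it then looks for Run-key persistence (T1547.001), the per-user INI, and a live process running from a drop directory. Two assumptions are labelled in the code: the report counts the Run-key IoCs but does not list the value names, so any Run value whose data points into C:\UserDotCG or C:\MintL2 is treated as a hit; and the INI name pattern `*_10.0_*.ini` is generalised from the single observed name 253086396416_10.0_Admin.ini. Note that C:\MintL2\dobxsys.exe appears only in the dropped-file list, not in the process tree, so the hash set matters more than the path set.

```powershell
# Host triage for the indicators in this report (added example, not sandbox output).
# Assumptions: Run-key value names are not listed in the report, so any Run value whose
# data points into a drop directory is treated as a hit; the INI file name pattern is
# generalised from the one observed name (253086396416_10.0_Admin.ini); checks run on
# the live host as the current user (elevate to see HKLM and other users' profiles).

$KnownSha256 = @{
    'c69406b187eccd8c319d5f05e52e3128db84b99d4648c08d9aa2af8cc3352b66' = 'original sample'
    '57fb37dfd0bf049ea63792d985c72babb37096f32419f6c087e2bf36c29b92af' = 'C:\UserDotCG\xdobsys.exe'
    'b41deab0d96fd21976c6263acd40d95bbfc831d36af077520017e30f008d425b' = 'C:\MintL2\dobxsys.exe'
}
$DropDirs = @('C:\UserDotCG', 'C:\MintL2')
$RunKeys  = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Type, [string]$Where, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Where = $Where; Detail = $Detail })
}

# 1. Drop directories: hash every file there, not just the two observed names, so a
#    renamed copy of a known payload is still caught; unknown files are listed too.
foreach ($dir in $DropDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Add-Finding 'DropDir' $dir 'directory exists'
    Get-ChildItem -LiteralPath $dir -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
        if ($KnownSha256.ContainsKey($h)) {
            Add-Finding 'KnownHash' $_.FullName "sha256 matches $($KnownSha256[$h])"
        } else {
            Add-Finding 'UnknownFile' $_.FullName "sha256 $h ($($_.Length) bytes)"
        }
    }
}

# 2. Run-key persistence (T1547.001). Value names unknown (assumption), so match on data.
foreach ($key in $RunKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # PSPath, PSParentPath, ...
        $data = [string]$p.Value
        foreach ($dir in $DropDirs) {
            if ($data -like "*$dir*") { Add-Finding 'RunKey' "$key\$($p.Name)" $data }
        }
    }
}

# 3. Per-user INI in the profile root (name pattern assumed from the one observed file).
Get-ChildItem -Path 'C:\Users\*\*_10.0_*.ini' -File -ErrorAction SilentlyContinue | ForEach-Object {
    Add-Finding 'ProfileIni' $_.FullName "$($_.Length) bytes"
}

# 4. Live processes whose image sits in a drop directory (payload still running).
Get-Process -ErrorAction SilentlyContinue | Where-Object { $_.Path } | ForEach-Object {
    $proc = $_
    foreach ($dir in $DropDirs) {
        if ($proc.Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
            Add-Finding 'Process' "$($proc.ProcessName) (PID $($proc.Id))" $proc.Path
        }
    }
}

if ($findings.Count -eq 0) { 'No indicators from this report found on this host.' }
else { $findings | Sort-Object Type | Format-Table -AutoSize -Wrap }
```

    Run it from an elevated PowerShell so HKLM and every profile under C:\Users are readable. A KnownHash finding is the strong signal; DropDir, RunKey and ProfileIni findings are circumstantial on their own (the directory names and INI pattern could in principle be reused by something else) but together with the process tree above they are enough to isolate the host and collect the Run-key value names the sandbox counted but did not print.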