Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-05-2024 03:26

General

  • Target

    cd84aa8f6ee91fb61d9d828e686a5a65de1372d7835b49ad3b82850078a30dcd.exe

  • Size

    2.7MB

  • MD5

    aa0e2ede9a8b015f2b2e90be43ab3fad

  • SHA1

    04e4775e1d02a046dddc8d947c1e8c05b7a2f718

  • SHA256

    cd84aa8f6ee91fb61d9d828e686a5a65de1372d7835b49ad3b82850078a30dcd

  • SHA512

    8fa8a896dc14b96884dc2be8a67b8f908fdb8bc1d2f851305cc1f4ca436b79323e08cbb11030365e822cd4ae2ba41f4749a0beaf3a31c6bb8b760bc1b31d3e0a

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpX4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd84aa8f6ee91fb61d9d828e686a5a65de1372d7835b49ad3b82850078a30dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\cd84aa8f6ee91fb61d9d828e686a5a65de1372d7835b49ad3b82850078a30dcd.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4996
    • C:\SysDrvKR\devbodsys.exe
      C:\SysDrvKR\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1772

Network

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • T1547 Boot or Logon Autostart Execution (1)
    • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation

  • T1547 Boot or Logon Autostart Execution (1)
    • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1112 Modify Registry (1)

Downloads

  • C:\KaVB1V\dobxec.exe
    Filesize

    51KB

    MD5

    734dbf064a7f1ab9dfdd4c2d31147831

    SHA1

    d5539d3a255f353754366e713aa0c820fceedc35

    SHA256

    b4c7008b35c7a4b24c88178692731c4dc475e59726f46b68d040951100c5d913

    SHA512

    a1a62c1e0c4b413d5e1870920f074fda65046682223e7414ecf7a7e22e8a3bf2efa00f760cff79b0508b07416999f80df945a1aab878c3b5ae083413f8181836

  • C:\KaVB1V\dobxec.exe
    Filesize

    2.7MB

    MD5

    b7f922508a77ea4ecc48083612090f75

    SHA1

    138b3953b202b8ac4820084ba69dbb21c7bc2458

    SHA256

    c4e469f1e48bcdd6eb85816c5b47323c97f0fcbf2ef6d4c1122e486855186503

    SHA512

    5c0e668fc71b96f00d691ba0f57823915d2cad907eeb996bf7db4f6969d634dfd4de60c090c1bfa7fa942b7d0102ed98b8786d86a20d3176dcad2826071c8e90

  • C:\SysDrvKR\devbodsys.exe
    Filesize

    2.7MB

    MD5

    16978a924ac27e65aab01c408dd4ebc0

    SHA1

    bfe9fffb49c12a7d44d2e57643bf97f716d32a82

    SHA256

    49696f069d4ec9faac526d5c77256e75e22faa7e30b535288507263a97e9e46c

    SHA512

    3a6089157bb64b2d1a50ef50dfe7e001d480357b3fa02b6b50c49eef33e3cedf05ce615c796dcdae4ceae78d1e91edbaf56ca635368c2d38047a304ba8c5e44b

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    f1655422e2527d3e68520d822a8f7991

    SHA1

    45870846633f33832ef9d87565c880c940a393b9

    SHA256

    4760a100b13f5b535cf76df372e68e13ed4598df68e25702a478cc76aece6102

    SHA512

    3ad308f94dfbafe17712981e4a43704e17b810a6f111a3cffcba61cd947eec4767d9f56669a1cde77146d4fdf2c1a92c5655a4f5ad9ce783d276170e0b4dbf92
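As an added example (not part of this sandbox report, and not code from whoever wrote the analysed sample), the following Python script turns the hashes and dropped-file paths listed above into a small offline checker for a directory tree, for instance a mounted disk image or files copied off a suspect host. The md5/sha1/sha256 digests are copied from the General and Downloads sections; note that the report lists C:\KaVB1V\dobxec.exe twice with different sizes and hashes, so both sets are included. The file-name patterns, the directory-name check and the assumption that the numeric prefix and "Admin" in the .ini name are per-host values are mine, not something the report states.

```python
"""Added example: match a directory tree against the indicators in this report.
Digests come from the report; name patterns and labels are assumptions."""
import hashlib
import os
import re

ALGS = ("md5", "sha1", "sha256")

# Digests copied from the report, keyed by lowercase hex. SHA512 is omitted here.
KNOWN_DIGESTS = {
    # submitted sample (cd84aa8f...a30dcd.exe)
    "aa0e2ede9a8b015f2b2e90be43ab3fad": "submitted sample",
    "04e4775e1d02a046dddc8d947c1e8c05b7a2f718": "submitted sample",
    "cd84aa8f6ee91fb61d9d828e686a5a65de1372d7835b49ad3b82850078a30dcd": "submitted sample",
    # C:\KaVB1V\dobxec.exe, 51KB capture
    "734dbf064a7f1ab9dfdd4c2d31147831": r"C:\KaVB1V\dobxec.exe (51KB)",
    "d5539d3a255f353754366e713aa0c820fceedc35": r"C:\KaVB1V\dobxec.exe (51KB)",
    "b4c7008b35c7a4b24c88178692731c4dc475e59726f46b68d040951100c5d913": r"C:\KaVB1V\dobxec.exe (51KB)",
    # C:\KaVB1V\dobxec.exe, 2.7MB capture
    "b7f922508a77ea4ecc48083612090f75": r"C:\KaVB1V\dobxec.exe (2.7MB)",
    "138b3953b202b8ac4820084ba69dbb21c7bc2458": r"C:\KaVB1V\dobxec.exe (2.7MB)",
    "c4e469f1e48bcdd6eb85816c5b47323c97f0fcbf2ef6d4c1122e486855186503": r"C:\KaVB1V\dobxec.exe (2.7MB)",
    # C:\SysDrvKR\devbodsys.exe, the dropped EXE that was executed
    "16978a924ac27e65aab01c408dd4ebc0": r"C:\SysDrvKR\devbodsys.exe",
    "bfe9fffb49c12a7d44d2e57643bf97f716d32a82": r"C:\SysDrvKR\devbodsys.exe",
    "49696f069d4ec9faac526d5c77256e75e22faa7e30b535288507263a97e9e46c": r"C:\SysDrvKR\devbodsys.exe",
    # C:\Users\Admin\253086396416_10.0_Admin.ini
    "f1655422e2527d3e68520d822a8f7991": r"C:\Users\Admin\253086396416_10.0_Admin.ini",
    "45870846633f33832ef9d87565c880c940a393b9": r"C:\Users\Admin\253086396416_10.0_Admin.ini",
    "4760a100b13f5b535cf76df372e68e13ed4598df68e25702a478cc76aece6102": r"C:\Users\Admin\253086396416_10.0_Admin.ini",
}

# Name-based indicators (weaker than a hash hit). ASSUMPTION: the numeric prefix
# and the user name in the .ini file name vary per host, so they are wildcarded.
NAME_PATTERNS = [
    (re.compile(r"^devbodsys\.exe$", re.I), "dropped EXE name from report"),
    (re.compile(r"^dobxec\.exe$", re.I), "dropped file name from report"),
    (re.compile(r"^\d+_10\.0_[^\\/]+\.ini$", re.I), "ini name pattern (assumed per-host prefix)"),
]
DIR_NAMES = {"sysdrvkr", "kavb1v"}  # directories the sample created, per the report


def digest_bytes(data):
    """md5/sha1/sha256 hex digests of an in-memory buffer."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def digest_file(path, chunk=1 << 20):
    """Hash a file with all three algorithms in a single read pass."""
    hashers = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_digests(digests):
    """Reasons for a hit based on content hashes; case-insensitive on the hex."""
    reasons = []
    for alg, value in sorted(digests.items()):
        label = KNOWN_DIGESTS.get(value.lower())
        if label:
            reasons.append(f"{alg} matches {label}")
    return reasons


def match_path(path):
    """Reasons for a hit based on the file name and the directories it sits in."""
    parts = path.replace("\\", "/").split("/")
    name, dirs = parts[-1], parts[:-1]
    reasons = [why for pat, why in NAME_PATTERNS if pat.match(name)]
    reasons += [f"inside directory {d}" for d in dirs if d.lower() in DIR_NAMES]
    return reasons


def scan(root):
    """Walk root; return {path: [reasons]} for every file with at least one hit."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            reasons = match_path(full)
            try:
                reasons += match_digests(digest_file(full))
            except OSError:
                pass  # unreadable file: keep any name-based reasons, skip hashing
            if reasons:
                hits[full] = reasons
    return hits


def demo():
    """Constructed sample tree (not from the report): one name-only hit, one clean file."""
    import shutil
    import tempfile
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "SysDrvKR"))
        with open(os.path.join(root, "SysDrvKR", "devbodsys.exe"), "wb") as f:
            f.write(b"MZ placeholder, not the real dropper")
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"benign")
        return {os.path.relpath(p, root).replace("\\", "/"): r for p, r in scan(root).items()}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    import sys
    for path, why in (scan(sys.argv[1]) if len(sys.argv) > 1 else demo()).items():
        print(path, "->", "; ".join(why))
```

A hash match is the only strong signal here; a name or directory match on its own just tells you where to look, since the sample could drop differently named files on another run, and the ini name is treated as host-specific by assumption.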