Overview

overview

7

Static

static

3

d410285158...c9.exe

windows7-x64

7

d410285158...c9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4102851589cf205e8fe1c2c49cb08b02c5bbdd175218fec44fbca3f94c731c9.exe

  • Size

    2.7MB

  • MD5

    b2ae7c0208e76e8f143aa32ab0fc4408

  • SHA1

    e802692454c0032326f220802df9aac8daad8a74

  • SHA256

    d4102851589cf205e8fe1c2c49cb08b02c5bbdd175218fec44fbca3f94c731c9

  • SHA512

    6c1a45739c9be96098260790c1c02df4c85725963d3d394e9ffe529ed07434a99777e0d67ddb292b8df6371354412562bce3616ee4663b1e8866cfe0c8a8c4b8

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4S+:+R0pI/IQlUoMPdmpSpg4X

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4102851589cf205e8fe1c2c49cb08b02c5bbdd175218fec44fbca3f94c731c9.exe
    "C:\Users\Admin\AppData\Local\Temp\d4102851589cf205e8fe1c2c49cb08b02c5bbdd175218fec44fbca3f94c731c9.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\UserDotED\xdobsys.exe
      C:\UserDotED\xdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2212

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintH4\dobaloc.exe
    Filesize

    2.7MB

    MD5

    0512b283fe5510eeaa7e47ef6519d109

    SHA1

    27283d500f8afb883782ff47eb893a575be3f6db

    SHA256

    eabc2ec6b83f4993d1c08e6e0f172435bb6ecf365752aee84e787d99003cf523

    SHA512

    9f0fc026c61724087da56155ceccefedc95a2be8808c5a747e7f70b8e4a022adc5acfbca26d5a2777599230d390de5e0ddfcd771ae726e8df319a3de92e3ac71

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    e17f3be62de87994bc88ed8bc16037f6

    SHA1

    cd9d33f4ec7e04b96b9ba6c64b00bbfd92ad507f

    SHA256

    58ed46315041738b339fa30c93b622f457a209b84aa02adf1031ff55694663d8

    SHA512

    2c8ddb15e095c8168fb596a8682b9aa68e6c83e6eced78383fde3e225a836efbdae3e666b9adad5078d538c8a491bf3631afb919545ab49b5ada416b78cc2059

    Download Submit
  • \UserDotED\xdobsys.exe
    Filesize

    2.7MB

    MD5

    676f8fa8747297e7566ff25b2d9dcf84

    SHA1

    59a0286a72fac14e08e64fa851ae4e64f0b09e05

    SHA256

    0119158077d1fc2ae8be507aba5a65f4d68b8cf114bad3eb7748b745719ca6e5

    SHA512

    c6e5c55b37e2b48e7c4e1336d1184a599f9780ce332f8d466b1c80276985df4c924cb5060dd7ac5105107ec98b51f0cbef6f39432f5d39b7ea3b9cb5650270e0

    Download Submit