c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 03:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
Size

2.7MB
MD5

7b95d6518eb30b4fec3b200fb31d34aa
SHA1

d27241b9f61dba723fc8cfb7981b613421258e8e
SHA256

c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3
SHA512

901b7c8f1d5df4dbc843d40d1ab5d1597b3b6551f9d9c7f16536e20b31d758fd21f6d4c05b81e39a993c669afd761b7eb33c4faa5ca54ec9da473f885c308d1c
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB59w4Sx:+R0pI/IQlUoMPdmpSpl4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1944	abodsys.exe

Loads dropped DLL 1 IoCs

pid	Process
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\IntelprocYR\\abodsys.exe"	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidGA\\boddevloc.exe"	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
1944	abodsys.exe
1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1944	1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe	28
PID 1700 wrote to memory of 1944	1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe	28
PID 1700 wrote to memory of 1944	1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe	28
PID 1700 wrote to memory of 1944	1700	c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe	28

C:\Users\Admin\AppData\Local\Temp\c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe
"C:\Users\Admin\AppData\Local\Temp\c7d31d7f445dea24f293e2903571506011b14d294260e221190e9f0ea5b1d8a3.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1700
- C:\IntelprocYR\abodsys.exe
  C:\IntelprocYR\abodsys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
205B

MD5
a084980d13ed8451e6f883e704007127

SHA1
5ea668177b610e649017fc410f841d9f209af673

SHA256
0909e702f82c373a1fb82f8766eee1c312e714ed10ae6c2b70ba6d2cae043cee

SHA512
994c3ee44e12fa23bc39df89954ae83473b00962e69115da115f306ed3702cea89a7bc1ff62e64ed38d1606cc15dbd2b144bd11bbbfaf0ab9cb5e7da067949a7

Download Submit
C:\VidGA\boddevloc.exe

Filesize
2.7MB

MD5
c76af41aa7280defc0863f23b9cad4e6

SHA1
4692be8b07c6ee18ede5f5eea70ef932c1a46cac

SHA256
316a57a7247e10f527e87f5829a896cb8264e5ca589eec493ab9c25e177eba6e

SHA512
44c0d6baf44b78ce9f08f9a445ab064d9db91053831d3c17fa6153c908ea6486d2ff29634ee6482589183a4ad93cfcb5cee632c08a36b09eb5d83366c89ec975

Download Submit
\IntelprocYR\abodsys.exe

Filesize
2.7MB

MD5
e30a5d84e3bc9090ea3538b2f8315d04

SHA1
0f5914c9ef3eb3062b8b45829d8f9cc174e1067f

SHA256
75a93dac2b150875caf94592ed2f15e05285cd69a223b1498ea9dbe558279cb7

SHA512
b509fcaadc8723a4bed6040a519346e26e2b59ac5ec1b6807fd4f3a260afe2ba3490fd0648e30d789f960eafc1439b839fa6560ad05a3e52853c49bba7c4d551

Download Submit