Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    25/05/2024, 20:51

General

  • Target

    406ccb9d7d676aba220e0fc114e0dd67012599033ebd125310651e7b11fba8bf.exe

  • Size

    2.7MB

  • MD5

    3fd2a3cd278cba15c723cb72d5945c15

  • SHA1

    5b98eaf1850e1c8ce5ac75e25b6d67e13b8e3756

  • SHA256

    406ccb9d7d676aba220e0fc114e0dd67012599033ebd125310651e7b11fba8bf

  • SHA512

    fafca65c0f44b0f65fcb58efa1283727e28fa232acb78c9ac363b67520eef26dfd804afce83ff1c7e1f3f08c8e762dc9f960c98bb3aedf7066aac83023589d58

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBp9w4Sx:+R0pI/IQlUoMPdmpSp54

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\406ccb9d7d676aba220e0fc114e0dd67012599033ebd125310651e7b11fba8bf.exe
    "C:\Users\Admin\AppData\Local\Temp\406ccb9d7d676aba220e0fc114e0dd67012599033ebd125310651e7b11fba8bf.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3136
    • C:\IntelprocJI\devbodloc.exe
      C:\IntelprocJI\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3768

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\IntelprocJI\devbodloc.exe

          Filesize

          2.7MB

          MD5

          452f1ff2e1b56dea25fb4fcd8cebea95

          SHA1

          b2e38567b3e4f52a867ba6c24eb9a71d45b1eadc

          SHA256

          66b3ef0aaa34f1ab97e3e6ca8dc92ed367a57482dbc7aff08c030e18043126fa

          SHA512

          ab3b53a13c53fda5dfdc56a3e41f78484b004a62b57d43cd8b5562d875a2ec658d56705f50cbaf8ae5b5df09640996da1088a7631dbd304a2a6b01d6f869ff7b

        • C:\KaVBC8\dobasys.exe

          Filesize

          311KB

          MD5

          18c0e66ad25149fce23c44a97e046e41

          SHA1

          570d30b0ef30afb3dfaa7e37c194259c044208f0

          SHA256

          d717edb74aed32f89581e94425e63b3aa6f94f397dcff8d76cf4449a0520937c

          SHA512

          b30e32f9009726d32d8f5ddbdb30b476eca48ef4ba79e0b5102a0b98630bc19b692d5bb333b28af26ed8a1a77fc2d569297c8a3ce53c817011f7a41309cbc1b9

        • C:\KaVBC8\dobasys.exe

          Filesize

          2.7MB

          MD5

          bb07154bf1fb29808f91bd1e2586f6e7

          SHA1

          79df2c1aebbf044fdd3c7f73a67f08bad4115b68

          SHA256

          fcfdc6a04751727b3fb59de81a605f00eb15efe001b1e31bf9f5927f8cddf807

          SHA512

          cf7a807c098b5ec163c1aecce484dc4fbc448c2c4571ee6110726cd75c161997e8b9746ebb08b4204ee251438803fd722622d03fd83f2fe43934c60c452ce9a2

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          208B

          MD5

          f5ea77e32ffb98430b6f3b302b22ffeb

          SHA1

          04b3a207bac7bb75c60ff19c389afaaf6fa34822

          SHA256

          8a05f02c5431b0aae2d2144a685bfd14b98582eb580516c4134fc7e96bc95497

          SHA512

          332338e2ab39a218fb1c52ca1033eaabc27e9966c4c751ff7f9c5ad90b98d132024f80e106f5378a3a9de4488b37949a53c3bb19eb7ff05329e316c6d72df20b
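The process tree and the Downloads list above are the actionable part of this report: a sample in the user's Temp folder spawns a dropped executable from a freshly created top-level directory (C:\IntelprocJI\), and a second path (C:\KaVBC8\dobasys.exe) is listed twice with different sizes and hashes, so a hash-only IoC list must carry both entries. The following is an added example, not code from the sandbox or its vendor, that turns those values into an offline matcher. The hashes and paths are copied from the report; the ProcEvent shape, the EXPECTED_ROOT_DIRS allowlist and every event record are constructed assumptions for illustration, not captured telemetry or a real EDR schema.

```python
"""Turn this report's file IoCs and process tree into an offline matcher.

Added example: not code from the sandbox or its vendor. Hashes and paths are
copied from the report above; every event record is constructed sample data.
"""
import hashlib
import re
from dataclasses import dataclass

# (path, size, SHA256) as listed in the report. The same drop path appears
# twice with different sizes and hashes, so a hash-only IoC list needs both.
REPORT_FILES = [
    ("C:\\Users\\Admin\\AppData\\Local\\Temp\\406ccb9d7d676aba220e0fc114e0dd67012599033ebd125310651e7b11fba8bf.exe",
     "2.7MB", "406ccb9d7d676aba220e0fc114e0dd67012599033ebd125310651e7b11fba8bf"),
    ("C:\\IntelprocJI\\devbodloc.exe", "2.7MB",
     "66b3ef0aaa34f1ab97e3e6ca8dc92ed367a57482dbc7aff08c030e18043126fa"),
    ("C:\\KaVBC8\\dobasys.exe", "311KB",
     "d717edb74aed32f89581e94425e63b3aa6f94f397dcff8d76cf4449a0520937c"),
    ("C:\\KaVBC8\\dobasys.exe", "2.7MB",
     "fcfdc6a04751727b3fb59de81a605f00eb15efe001b1e31bf9f5927f8cddf807"),
]
KNOWN_SHA256 = {h: p for p, _, h in REPORT_FILES}
DROP_PATHS = {p.lower() for p, _, _ in REPORT_FILES if not p.lower().startswith("c:\\users\\")}

# Assumed allowlist: top-level directories under C:\ where a new .exe is
# ordinarily expected. The sample wrote to C:\IntelprocJI\ and C:\KaVBC8\.
EXPECTED_ROOT_DIRS = {"windows", "program files", "program files (x86)", "programdata", "users"}


@dataclass
class ProcEvent:
    """Minimal process-creation record (constructed shape, not a real EDR schema)."""
    pid: int
    image: str
    parent_image: str
    sha256: str


def hashes_for_path(path: str) -> list:
    """All SHA256 values the report lists for one drop path."""
    return sorted(h for p, _, h in REPORT_FILES if p.lower() == path.lower())


def lookup_bytes(data: bytes):
    """Return the report path whose SHA256 matches `data`, or None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


def is_unusual_root_dir(path: str) -> bool:
    """True for C:\\<dir>\\name.exe when <dir> is not a standard top-level directory."""
    m = re.match(r"^[a-z]:\\([^\\]+)\\[^\\]+\.exe$", path.lower())
    return bool(m) and m.group(1) not in EXPECTED_ROOT_DIRS


def triage(events):
    """Tag each event with the report-derived rules it matches."""
    findings = []
    for ev in events:
        img = ev.image.lower()
        if ev.sha256.lower() in KNOWN_SHA256:
            findings.append((ev.pid, "known-hash"))
        if img in DROP_PATHS:
            findings.append((ev.pid, "known-drop-path"))
        # Behavioural rule: a process running from the user's Temp folder spawns
        # an .exe from a fresh top-level directory, as PID 3136 -> 3768 does above.
        if is_unusual_root_dir(img) and "\\appdata\\local\\temp\\" in ev.parent_image.lower():
            findings.append((ev.pid, "temp-parent-spawns-root-dir-exe"))
    return findings


# Constructed events modelled on the report's process tree plus one benign process.
TEMP_EXE = REPORT_FILES[0][0]
SAMPLE_EVENTS = [
    ProcEvent(3136, TEMP_EXE, "C:\\Windows\\explorer.exe", REPORT_FILES[0][2]),
    ProcEvent(3768, "C:\\IntelprocJI\\devbodloc.exe", TEMP_EXE, REPORT_FILES[1][2]),
    ProcEvent(4100, "C:\\Program Files\\Git\\bin\\git.exe", "C:\\Windows\\explorer.exe",
              hashlib.sha256(b"constructed benign bytes").hexdigest()),
]


def run_sample():
    return triage(SAMPLE_EVENTS)


if __name__ == "__main__":
    for pid, rule in run_sample():
        print(pid, rule)
    print(hashes_for_path("C:\\KaVBC8\\dobasys.exe"))
```

The hash rules only fire on byte-identical files, which is why the behavioural rule (Temp-resident parent launching an .exe from a non-standard root directory) is included alongside them; on the constructed events it is the dropped child, PID 3768, that collects all three hits. Note also that dobasys.exe never appears in the process tree, so its two hashes are file-write IoCs only and should not be assumed to have executed in this run.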