Overview

overview

7

Static

static

3

0b4116848e...fe.exe

windows7-x64

7

0b4116848e...fe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    27/05/2024, 18:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b4116848e51e8c6cfa6dbebd4be88ae0b1fcf94c32dfa7da90ec64e8c739efe.exe

  • Size

    2.7MB

  • MD5

    80c377f38ca80fe2d6755d213fbc65fb

  • SHA1

    94f0a98307acf83b916d8989ef0ed84c5b0f66cf

  • SHA256

    0b4116848e51e8c6cfa6dbebd4be88ae0b1fcf94c32dfa7da90ec64e8c739efe

  • SHA512

    da77536b3ddd1ac064fc65cf2ffbb42bffdd3200ef6e5439cc204cc00909be69a4d4cf38010c3034d35090cba26d5c12567aa803a31512af2b7be8384afd2987

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpn4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b4116848e51e8c6cfa6dbebd4be88ae0b1fcf94c32dfa7da90ec64e8c739efe.exe
    "C:\Users\Admin\AppData\Local\Temp\0b4116848e51e8c6cfa6dbebd4be88ae0b1fcf94c32dfa7da90ec64e8c739efe.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:624
    • C:\SysDrv1E\xbodec.exe
      C:\SysDrv1E\xbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxCN\boddevec.exe
    Filesize

    2.7MB

    MD5

    f17c6a500138076eb6b61e27be99bacf

    SHA1

    d95739c65ed392f7c15bc0be703a925288029e4b

    SHA256

    86a246a2898ba4cde7ebca1ec0d5b585f039923afabeb0b4a7477b8d84ab44c8

    SHA512

    ea1a472f73b3df33b9df4958a1227133785af75b0a3b1110a08a671c8110d61194d1a4509a3505374a38d2d5b316fb86d1ea3605080bc284253c20e61ef2d210

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    77a45df39a80ae8efeb2960ca65396d6

    SHA1

    b6049b9e252d4225530802ae99a79feffbb2b081

    SHA256

    1e7e11fe2d942dbdca73ff8b163a179eace8947599a920ff1187072d50ab052c

    SHA512

    4508d61dd72690e14d3611ca9c50943d7bdc0f3a4c1ae332f1797809281056cd63388d7f7358da4575a2334fe3ba60e09f84809b8022103dac2b7a6245722551

    Download Submit

  • \SysDrv1E\xbodec.exe
    Filesize

    2.7MB

    MD5

    753109d06264cd90893b516039ebd8c9

    SHA1

    baf8500f72e76c24091acf9094e79ae97b8adc7d

    SHA256

    3e72fa278644042d5648dd8f1567865a4b499869d3bb5b77782e868846bce08a

    SHA512

    6f6dfe24282637372afa037d73a786df97d3599d94ea926bb713ce5acbce98f7af2d68b7b3c6967d5d648a6fb89443163a546654584a7caaac16a1ea12e56cc3

    Download Submit