Analysis

  • max time kernel: 150s
  • max time network: 123s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 28-05-2024 20:59

General

  • Target: 458db012ba87452882fcd9f00014e4827f2f3ce10be701f7160f311a81619e3c.exe
  • Size: 2.7MB
  • MD5: 204932018cbe2d461aa1740063a51ec1
  • SHA1: 1d7701ef025109abe2008ddc86900fb61bbfd280
  • SHA256: 458db012ba87452882fcd9f00014e4827f2f3ce10be701f7160f311a81619e3c
  • SHA512: e79b99daef0214a14fbf0b9afe9fa71d51a514bfaba29ada712c40cfaff696aeff48c0517ef26bf777ae998847d77db15219758297bc6531b697cb5c3e2ad559
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBu9w4Sx:+R0pI/IQlUoMPdmpSpU4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\458db012ba87452882fcd9f00014e4827f2f3ce10be701f7160f311a81619e3c.exe
    "C:\Users\Admin\AppData\Local\Temp\458db012ba87452882fcd9f00014e4827f2f3ce10be701f7160f311a81619e3c.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\UserDotHI\xbodsys.exe
      C:\UserDotHI\xbodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2628

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxWK\dobasys.exe
    Filesize: 2.7MB
    MD5: d2478312cd54831f536c3552fe968b65
    SHA1: 6d8aa33adb8d5ed7e2eb524822e03da23b32dd86
    SHA256: ea94b2a4e573fa2da2ca2d8bde181addaa3a29359666ce79e86e1e6cd2cdb8d8
    SHA512: a3bbd30e028840d229d9db02b3f634c049d3dc7b1709cb78aa432377a960182064d60996ba07d9535b0e63eaf6e792f373414db5b7863291ba9510829d5799f4

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 203B
    MD5: fe9bc5ae24157c522fb3537ad82db5e8
    SHA1: edf6784b642b540212be3ef7a88efc2ec766b23b
    SHA256: 291d39618e4b517d5eb9a01f27cf8cf2e5f4bbb4e82777c1cc1bf045888fc9b7
    SHA512: 0d5d127956d06fff1ca54d8164bcf04d201cc8b5d24ae30d06822c9ebc1586f091d51c24e62cd935d61ce3d545b7c31254d75d5cdb94358bf94ccb2e5e677cf4

  • \UserDotHI\xbodsys.exe
    Filesize: 2.7MB
    MD5: c2ba0c2ffeb1f1e4dd05acb9e24799b9
    SHA1: 5f46e3d1dd8de7cc9b18c345a8f35039638336b3
    SHA256: 2a675b8299e34ee404c85105be0340dd995cef3a6ad7fa2d5dcf7738637ca8be
    SHA512: fad758186a22bbf9c6e052c11a1b31df1dbc7c43235a120290d510e3ca48b7610198a73f68fc1bc4f5091900cf587fc94005a8a3013a4784d09139cd3f475d5b