Analysis

  • max time kernel
    145s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/05/2024, 22:13

General

  • Target

    boom.exe

  • Size

    282KB

  • MD5

    b2654ef2c13344278f0f60f20a9a0b64

  • SHA1

    4e33da9a683f3c248750fed54b42aace5a3ff033

  • SHA256

    c227d9d2c8b7d74cfa8d3aea3f8ad9a2b4341c399d80985a0d1648b1edbf0c76

  • SHA512

    d883f67b35237ceb9fd35db88700d2c7d90660f6fd2f6dcfa8e86cf546c6696b1b97c446d19d73850f9e51bdb8a11d11211b86c2f46924d6469f48f5516b7ec7

  • SSDEEP

    6144:uRlWoS//QYdqFMbpoIB3673YHV/KMUsPoo7RO+9S0Fs:eGfdq+bpzwq99jA+ny

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\boom.exe
    "C:\Users\Admin\AppData\Local\Temp\boom.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:3660
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:2252

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nspC564.tmp\System.dll

    Filesize
    11KB

    MD5
    75ed96254fbf894e42058062b4b4f0d1

    SHA1
    996503f1383b49021eb3427bc28d13b5bbd11977

    SHA256
    a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

    SHA512
    58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

  • C:\Users\Admin\AppData\Local\Temp\robalos.dll

    Filesize
    65KB

    MD5
    fcf117a8a010022fba35633cfa14dd22

    SHA1
    8a5ab7602b5806c6b6b68eaabb4969665b282a08

    SHA256
    6db156d7c07f73dc674ef4e17c08fba01b6f983e50e032019dade58057c7da34

    SHA512
    e4592a99682eccbe7fe7175d74ffabd6848f472789445e59abe5b005f306c8a203cb9d6ee985cdcd9020870b58b5c8b0739f6bbeac86427e3e117a5fa0631b34