Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/05/2024, 22:24

General

  • Target

    614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe

  • Size

    4.1MB

  • MD5

    b3948607d2225b191fec016577cec140

  • SHA1

    582220e9a7808f1d0aa576e64adf2950b24e4bd1

  • SHA256

    614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d

  • SHA512

    a6a8a6281f9e4eb6c36bba2bd04a2250fd67f7d4a2fa251d022fb022ee7bc63784562494f6cabdaec181278833f53116da34602c83fb1f562ca0f4be389a313a

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp/4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmw5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe
    "C:\Users\Admin\AppData\Local\Temp\614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\UserDotRQ\devbodsys.exe
      C:\UserDotRQ\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2972

Network

        Downloads

        • C:\UserDotRQ\devbodsys.exe

          Filesize

          4.1MB

          MD5

          99bcfc76aae64acd570746494b0eaeca

          SHA1

          571047b5e659100c08cbb8da1be219f7a5f8f72a

          SHA256

          acd4b972856a1790b4ed94ab2fe78b0292db87a2ea34bf72eb09201e16e57981

          SHA512

          c1158f085f7e61eee95189b62d2db7ad6683023efc6b33061783387b1eb8faecdedcd208ac8993b26c234da63059c249cc2d669df744cc758ab7c9b5c8568000

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          205B

          MD5

          595a2f438ed368436b18b1cdce09f446

          SHA1

          f20a572a95b9b868ab8b884a6be75974925a429e

          SHA256

          de285c64ffcfba0e8e171111fcb397832b419664a8b42d70f798c7e5059918ed

          SHA512

          530396ce4c9742b97e424c5627df101e2f86c0f858bb893b051bb981fadbba35d1f5cb125a93bb9f8d4efa180cdf0ddab3a53165f2b0d7c7ed902643fb5f7401

        • C:\Vid1Y\boddevec.exe

          Filesize

          4.1MB

          MD5

          91c914b4a725c222bc1f47219653d665

          SHA1

          4a4b803693394ebadbf8be19232cabd7f3919c4f

          SHA256

          11145b820a2de80850c7de1e74492b101e37759a686e29170cc00f853f585491

          SHA512

          1dfdbe617a2daa55b4a0425ae6ff9e836bc5e76268e1b37722eb5096a878858150e9b494a2b3d02254b1477a54c2ffa7f7d183c017be924f992c298dc019081f
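
The report above gives enough to hunt for this sample on other hosts: two dropped executables at fixed paths with known SHA256 values, a small .ini written directly under the user profile, and a Run-key persistence entry whose value name the report does not show. The script below is an added example, not part of the sandbox output or the sample; it uses only the paths and hashes listed above. The .ini pattern and the "top-level folder under the drive root" Run-key heuristic are assumptions made here for triage, and the exact numeric prefix of the .ini name is left unassumed because it is host-specific.

```powershell
# Added hunt script (not part of the sandbox report). Checks a Windows host for the
# artifacts listed above: the dropped executables by path and SHA256, the per-user
# .ini written under the profile root, and Run-key entries that launch anything from
# those paths. Run elevated so HKLM and other users' hives under HKU are readable.

# Dropped executables and the SHA256 values from the report.
$droppedExes = @{
    'C:\UserDotRQ\devbodsys.exe' = 'acd4b972856a1790b4ed94ab2fe78b0292db87a2ea34bf72eb09201e16e57981'
    'C:\Vid1Y\boddevec.exe'      = '11145b820a2de80850c7de1e74492b101e37759a686e29170cc00f853f585491'
}

$findings = @()

foreach ($path in $droppedExes.Keys) {
    if (Test-Path -LiteralPath $path) {
        $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        $status = if ($hash -eq $droppedExes[$path]) { 'hash match' } else { 'path present, hash differs' }
        $findings += [pscustomobject]@{ Type = 'DroppedFile'; Location = $path; Detail = "$status ($hash)" }
    }
}

# Per-user .ini: the report shows 253086396416_6.1_Admin.ini, i.e. <digits>_<osversion>_<username>.ini
# directly under C:\Users\<user>. The numeric prefix is host-specific, so it is matched by
# pattern; widening "6.1" to any OS version is an assumption.
$iniPattern = '^\d+_\d+\.\d+_[^_]+\.ini$'
Get-ChildItem -Path 'C:\Users\*' -File -Filter '*.ini' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $iniPattern } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'ProfileIni'; Location = $_.FullName; Detail = "$($_.Length) bytes" }
    }

# Run keys: machine-wide (native and WOW6432Node) plus every loaded user hive under HKU.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$runKeys += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
            ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" }

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell provider metadata (PSPath, PSParentPath, ...)
        $cmd = [string]$p.Value
        # Direct hit: the value launches one of the dropped executables.
        $knownPath = $droppedExes.Keys | Where-Object { $cmd -like "*$_*" }
        # Heuristic (assumption): both dropped paths sit in a freshly created folder directly
        # under the drive root, so any Run entry of the form X:\<folder>\<name>.exe outside
        # Windows and Program Files is worth a look even if the names differ.
        $rootLevelDir = $cmd -match '^"?[A-Za-z]:\\(?!Windows\\|Program Files)[^\\]+\\[^\\]+\.exe'
        if ($knownPath -or $rootLevelDir) {
            $findings += [pscustomobject]@{ Type = 'RunKey'; Location = "$key\$($p.Name)"; Detail = $cmd }
        }
    }
}

$findings | Format-Table -AutoSize
```

A path hit with a differing hash is still worth escalating: the dropped file names and folders are stable across the two stages in this report, while the payload bytes differ between the original sample, devbodsys.exe and boddevec.exe (all 4.1MB, three different SHA256 values), so a hash-only match would miss a re-packed build.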