Analysis

  • max time kernel
    149s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/05/2024, 22:24

General

  • Target

    614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe

  • Size

    4.1MB

  • MD5

    b3948607d2225b191fec016577cec140

  • SHA1

    582220e9a7808f1d0aa576e64adf2950b24e4bd1

  • SHA256

    614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d

  • SHA512

    a6a8a6281f9e4eb6c36bba2bd04a2250fd67f7d4a2fa251d022fb022ee7bc63784562494f6cabdaec181278833f53116da34602c83fb1f562ca0f4be389a313a

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp/4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmw5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe
    "C:\Users\Admin\AppData\Local\Temp\614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4200
    • C:\Intelproc1Y\devoptiec.exe
      C:\Intelproc1Y\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1344

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Intelproc1Y\devoptiec.exe

          Filesize

          4.1MB

          MD5

          5376a124b0af56101dc99d7534452b7c

          SHA1

          39a925a3cdbc01c9d4c10473b7800db6a2456c64

          SHA256

          a2c5ad4c0ebc668b92ae5ae79da53b2c642f4d84617294dffac2c861c417d0ce

          SHA512

          6786a2cce406036049d02ecaa23839f96aa1796435f3cc0acb43daafb91d4c681e86d4c2f706d1323bb409965ace89db1eef2ab720cc319b362d24ff99243825

        • C:\LabZB9\dobaec.exe

          Filesize

          17KB

          MD5

          0c9f693724040eb946cf0570b4191a45

          SHA1

          c07f48eefda7d2d604318426889183d47f0b24e9

          SHA256

          8f559e4764a709d13201f431027e0515f77103ce5840d1050ff07d60cf893cac

          SHA512

          b8baa3976a43fe4cb2ced6e52c4accf2ddc1cfae29ea7d4a58bd94e10cf0b8d23c8a9e8ae140c9a76695c50babe7164433b9a39dc1e766e0dab5fcabc2f9fc43

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          207B

          MD5

          c3548cbc17aa31659c6714023c6cc1b5

          SHA1

          f46477a3ceed819a59093ed1ed3cd6448a5798c9

          SHA256

          3ff73ee9b5017deb32e354a13bc22a85f081bec96b4d35d7b02cc8016266f6a7

          SHA512

          8b7abb496492730a712a1198b36f85a3b9046304eefa4ff4620ea8ca5f7393fde12175b3211d2f2ebd17f7cf9d32f791a071b55f5e62018041b355fcf8dd8e8a