Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/06/2024, 20:04

General

  • Target

    3323e29080a682b8e2cd2f3cbef3a89f54b32cdb1f6fa0e14fc4cebf7dd22cc2.exe

  • Size

    2.7MB

  • MD5

    1daa5bc750bf1aed9e005d52d9b9fc57

  • SHA1

    555d9de7ed50f62041a4f9e768ffdfdc6aa36d81

  • SHA256

    3323e29080a682b8e2cd2f3cbef3a89f54b32cdb1f6fa0e14fc4cebf7dd22cc2

  • SHA512

    f2ec9830e6671634d4ce7d5c9540ac439659839d27be2056a6191648d46e6b57492bfbfcca991e7f19593fb486b7030dfb62cfe5250711b5a3322fc5d88cbe61

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpr4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3323e29080a682b8e2cd2f3cbef3a89f54b32cdb1f6fa0e14fc4cebf7dd22cc2.exe
    "C:\Users\Admin\AppData\Local\Temp\3323e29080a682b8e2cd2f3cbef3a89f54b32cdb1f6fa0e14fc4cebf7dd22cc2.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Files7C\xdobec.exe
      C:\Files7C\xdobec.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2120

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize
    200B
    MD5
    47bc572958782ccb9979d7ad76cf9bad
    SHA1
    6b375bec75185fbc43aa352342c3ed449a2e8902
    SHA256
    c366451f3adb2753774967f07d9b2c801286c1b155c7a9c7af5ec85cdf8a2fb6
    SHA512
    9e2df2bd4272e7f6801dff0c167336236302d2a950629e3960594e840abfe352b7ab0b80649c720edbc32c388f23a90d9a2781c0d17b1a8e1ebfc64e464351ba

  • C:\Vid6M\dobxsys.exe
    Filesize
    2.7MB
    MD5
    a055f170ea033e816e9a46040cd2fa9d
    SHA1
    10994bd460a76dd131195e9b2253cb9500060743
    SHA256
    ce44bcbb2d98b17ff3e106e2a0d7a0cc35dd87128e9a127ee207772a2b8d178a
    SHA512
    9c817dec06bc664880f7fd0bb0cb65a729e259fc5ac842ca9c091d95f9c0e7ddfa75c68c0207b5a32b76f26de5fef35cb8be3ce8169a501e4c91154eb45e0afa

  • \Files7C\xdobec.exe
    Filesize
    2.7MB
    MD5
    de4ebf75add1a563796a0bfda7a95503
    SHA1
    6d7ed1aec906a441f57bc632055b66d1323bf7c1
    SHA256
    db34d83dbcb66d9c202e7bdbdc8a6d58ede954313517d8daab2a808343a006e0
    SHA512
    d94a2dc012193dd7edff3a21b9cb7da6ec756f25fee9b96f5c619111ed01e80868d8a34cc8b9c669c5f49f1652a1872f99ccd2f431a32ad01eebfb88c048cc3b