Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/06/2024, 20:04

General

  • Target

    3323e29080a682b8e2cd2f3cbef3a89f54b32cdb1f6fa0e14fc4cebf7dd22cc2.exe

  • Size

    2.7MB

  • MD5

    1daa5bc750bf1aed9e005d52d9b9fc57

  • SHA1

    555d9de7ed50f62041a4f9e768ffdfdc6aa36d81

  • SHA256

    3323e29080a682b8e2cd2f3cbef3a89f54b32cdb1f6fa0e14fc4cebf7dd22cc2

  • SHA512

    f2ec9830e6671634d4ce7d5c9540ac439659839d27be2056a6191648d46e6b57492bfbfcca991e7f19593fb486b7030dfb62cfe5250711b5a3322fc5d88cbe61

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpr4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3323e29080a682b8e2cd2f3cbef3a89f54b32cdb1f6fa0e14fc4cebf7dd22cc2.exe
    "C:\Users\Admin\AppData\Local\Temp\3323e29080a682b8e2cd2f3cbef3a89f54b32cdb1f6fa0e14fc4cebf7dd22cc2.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4044
    • C:\FilesFD\xbodloc.exe
      C:\FilesFD\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1660

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\FilesFD\xbodloc.exe

          Filesize

          2.7MB

          MD5

          72e6ee6b88241d137540b68ae43b1b58

          SHA1

          2660c8322f710cb2d1d9e60ffd02f9b2b8a96322

          SHA256

          6367b10756cdb77ca78171e00c79a0fb1bda7cb9b012a18357f840da7abdb4d0

          SHA512

          4f1f70aaaff162f5fa677236f0232072f09046e08e754b01aabb2d98ff1afc720ce793b87e8227f92014ead36389a7dc6731b3fa29c92d0e41a007b163176730

        • C:\LabZ4D\bodasys.exe

          Filesize

          22KB

          MD5

          cc51b3b7d209610f7a21f92f3b22e1e3

          SHA1

          d340f9fa1dce87346279c88d1951a44ae8a2a3ce

          SHA256

          6ae2d32ade74ce7d12c65077d60081010e1011e8a3aff6f70b42144fbb283a2b

          SHA512

          ee53bfc3287b9521ed72436ef4f8f763ec3d288c178bdedb22629440b3472ab7431c47027b83dc1dadb9c434f80a356aab24a536824210f7f94672b2946cd921

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          197B

          MD5

          88f600249e32e442152f6fc726b82253

          SHA1

          a8e8e57b7367d1fbee095cbcd169481c85f3a0f3

          SHA256

          2840f477c8128d3329fd411f47b5567d943203a4b7a23ba9dcf2b6fa19e6ddfe

          SHA512

          3bb8368ae96e4737793ad3d31ecaaff18e2d4590eb8f9cd9cfcd8d5d97230e8f4bfd618403a8b6af87c5fc003e5686f3b7e1c6ae4c24c1d023fb16b1964040e6