Overview

overview

7

Static

static

3

90f95b0ab9...bd.exe

windows7-x64

7

90f95b0ab9...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-06-2024 04:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90f95b0ab9d26cda5e931446a3a99eb08b983bf6d5983409eba41931c92bf9bd.exe

  • Size

    4.1MB

  • MD5

    ceae603f17896e6da16aa5e79ea49967

  • SHA1

    d2be7996c581f1ff700fa7312f28d9b23419dc97

  • SHA256

    90f95b0ab9d26cda5e931446a3a99eb08b983bf6d5983409eba41931c92bf9bd

  • SHA512

    fd4b28012fcf69a0895bbdbacdbe18a5020d9acad3f68508084a4901e8c545ac223340fe6a3ac0625bc46af4df65b4a234092c9c3042592bf70ea17eb7fc1e08

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpH4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmg5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90f95b0ab9d26cda5e931446a3a99eb08b983bf6d5983409eba41931c92bf9bd.exe
    "C:\Users\Admin\AppData\Local\Temp\90f95b0ab9d26cda5e931446a3a99eb08b983bf6d5983409eba41931c92bf9bd.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3076
    • C:\IntelprocJH\devbodec.exe
      C:\IntelprocJH\devbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4348

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\IntelprocJH\devbodec.exe
    Filesize

    4.1MB

    MD5

    0ed68d4c144def0b3609910bdfe0822e

    SHA1

    7c68fe37f842929dac8ef212e7d75efb8613fd0b

    SHA256

    d1b4b6c6b38d558eb783b4b29364a24ff8534871467cde5566ec72b8c9cf8688

    SHA512

    c74a741fdf260cfac14b3c4b2a4e1e30930e8e0309e86fab4eb99d7d26c24ba39013639faa6d5878c7806c1c3b1fa3878a5e7336da73003b3fa9938eb60e696a

    Download Submit

  • C:\LabZWY\dobaec.exe
    Filesize

    4.1MB

    MD5

    0c0c6535c78cb0118427b07837fb8591

    SHA1

    24b7af0d39faf73eea0240fa3534a54191d400cd

    SHA256

    b8b1364b151b8fe4128e436a51b7cacd860156bb1ffbfcb33013cda050a4861b

    SHA512

    d1831212660a276037e4e96b2e0c8bde4dc036324587667d46680d96989075c3a1e05add03de632d9cd517be9673794adc2efd31280ef24a57dd05963ef996c9

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    203B

    MD5

    18a2f953153abd95d17e3c11800122a2

    SHA1

    796afa206cc6708a8c05d252140bc83479c5c7fb

    SHA256

    cdb62e5485a8150ad4a52ac477f6d216c08de2e2cc03f5f4b5ace38602716fcf

    SHA512

    3333e972c1f84ae9e11a419487a13cba397d1be3fe186f2b269672f2becdc9ea9c04953deb2aa233e3269174fd34b62374e1acef3fa306ec0fb0dfcbffd24f02

    Download Submit