Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/06/2024, 07:55

General

  • Target
    bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe
  • Size
    2.7MB
  • MD5
    c123689ea8d6e1dc0cca3c454163f1cc
  • SHA1
    b5b7f649976f37c35a4a3fd441947ee24a485f77
  • SHA256
    bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93
  • SHA512
    bb48c921f7bf1c56a327b3964741c461f93eaa632e8024d56348344d10c3448d40916ada5408d157dfe32888116c5c5475871e7ecc6e2db9f07ac38d5fea368f
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBX9w4Sx:+R0pI/IQlUoMPdmpSp/4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe
    "C:\Users\Admin\AppData\Local\Temp\bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe"
    PID:2592
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\FilesIF\xdobec.exe (child process)
      C:\FilesIF\xdobec.exe
      PID:2008
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Mint3P\bodxsys.exe
    Filesize
    2.7MB
    MD5
    633643800df8cd88df65d92d6e6a353a
    SHA1
    43dd243a3991cc5d7a5e0f5fcf7bcfcc4d5f2821
    SHA256
    a75c8ccde430578d430d4b684340b5e1c035d99a28764d9787d884ab390529bf
    SHA512
    5af3a300c1c73e29bbb6c59168dbb84bac5cccce46fdc19fef34c75428ce0b8212fd14ec560ad6326a99d735aca82155718f19b0b62ddd815b092769af957d1c

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize
    200B
    MD5
    2ddcb4f2cf54be0b471b7813275ad35e
    SHA1
    1e6cb29c5502f946763739edc4d9547cf9402e2c
    SHA256
    e5ed89fdd064e713e9eba0f94c27bea81f125fd9037e8e003fcc01490d262f9c
    SHA512
    c98767353681a34684afff702686d64ea3a149a1c4f5832242fd6ebcbb7bf0a0f502cdbb17dcf36a3d45bf04b3afaa26b1898723acea23ab9335c56bb0035930

  • \FilesIF\xdobec.exe
    Filesize
    2.7MB
    MD5
    795e89632055262659f7d12d1c28f580
    SHA1
    940497e35721a0041ea19ccc79a0b85340522492
    SHA256
    f79c441f79d1e12781ed411eea1c08974725651d3655bcd986342ece64330cca
    SHA512
    ed9ac8371fc4c909d98f52d6aee7b542f4ec0fb3ecafb0f0fe9b7540296f24e88afc5b2239069c2a41adb0ba9bc47bdb79a9b850cf3309ee7f90ebb1feefd58a