Analysis
- max time kernel: 149s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/06/2024, 07:55
Static task: static1
Behavioral task: behavioral1
- Sample: bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe
- Resource: win10v2004-20240426-en
The behavioral results on this page are from behavioral2 (win10v2004-20240426-en, matching the platform and resource listed under Analysis).
General
- Target: bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe
- Size: 2.7MB
- MD5: c123689ea8d6e1dc0cca3c454163f1cc
- SHA1: b5b7f649976f37c35a4a3fd441947ee24a485f77
- SHA256: bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93
- SHA512: bb48c921f7bf1c56a327b3964741c461f93eaa632e8024d56348344d10c3448d40916ada5408d157dfe32888116c5c5475871e7ecc6e2db9f07ac38d5fea368f
- SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBX9w4Sx:+R0pI/IQlUoMPdmpSp/4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  PID 4548, process xdobec.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesXI\\xdobec.exe", written by bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe
  Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintT0\\optidevsys.exe", written by bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe
  Both values live in the submitting user's own hive (HKU\S-1-5-21-711569230-3659488422-571408806-1000, i.e. HKCU for that user), so no elevation is needed to set them and they fire at that user's next logon. The Run target C:\FilesXI\xdobec.exe is the dropped binary that runs as PID 4548 in the process tree below; the RunOnce target C:\MintT0\optidevsys.exe is not observed executing during this run.
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  64 process-enumeration events, all attributed to PID 1592 (bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe) and PID 4548 (xdobec.exe).
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 1592 (bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe) wrote to the memory of PID 4548 three times (procid_target 89 in all three rows). All three writes go from the parent to the child it has just created, which is consistent with ordinary process creation; the report records no writes into any unrelated process.
Processes
- C:\Users\Admin\AppData\Local\Temp\bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe (PID 1592, depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe"
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\FilesXI\xdobec.exe (PID 4548, depth 2, child of PID 1592)
    Command line: C:\FilesXI\xdobec.exe
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
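A small triage helper, added here as an example and not part of this report or of the sandbox's own tooling: it parses "Set value" rows in the format the signature table uses, keeps only Run/RunOnce writes, resolves the hive (HKU\<SID> or HKLM), and cross-checks each autostart target against the image paths seen in the process tree, so the Run value that points at the executed dropped binary and the RunOnce value that points at a never-launched path come out distinguishable. The two page rows are used as input; the additional HKLM SecurityHealth row, the Explorer\Advanced row, and the TRUSTED_DIRS allow-list are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Registry autostart keys, matched case-insensitively as a suffix of the key path.
AUTORUN_SUFFIXES = (
    "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
)
# Assumed allow-list: directories where an autostart target normally lives.
# Coarse heuristic; legitimate per-user software under AppData will also be flagged.
TRUSTED_DIRS = ("C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Windows\\")

# One "Set value" IoC row as the report prints it:
#   Set value (str) \REGISTRY\...\Key\ValueName = "data" writer.exe
EVENT_RE = re.compile(
    r'Set value \((?P<type>\w+)\) (?P<key>\\REGISTRY\\\S+) = "(?P<data>[^"]*)" (?P<proc>\S+)'
)


@dataclass
class AutorunEntry:
    hive: str         # "HKU\<SID>" or "HKLM"
    key: str          # "Run" or "RunOnce"
    name: str         # value name, e.g. "Parametr"
    target: str       # path stored in the value, backslashes unescaped
    writer: str       # process that set the value
    executed: bool    # target image appears in the process tree
    suspicious: bool  # target lies outside TRUSTED_DIRS


def split_hive(key_path: str) -> str:
    """Map a native \\REGISTRY\\... path to the familiar HKU\\<SID> / HKLM form."""
    parts = key_path.split("\\")  # ['', 'REGISTRY', 'USER', '<SID>', 'SOFTWARE', ...]
    if len(parts) > 3 and parts[2].upper() == "USER":
        return "HKU\\" + parts[3]
    if len(parts) > 2 and parts[2].upper() == "MACHINE":
        return "HKLM"
    return key_path


def parse_autorun(line: str, executed_images: Iterable[str]) -> Optional[AutorunEntry]:
    """Return an AutorunEntry for a Run/RunOnce write, None for anything else."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    key_path, _, name = m.group("key").rpartition("\\")
    if not any(key_path.upper().endswith(s.upper()) for s in AUTORUN_SUFFIXES):
        return None
    # The report doubles backslashes inside the quoted data; undo that.
    target = m.group("data").replace("\\\\", "\\")
    executed = {p.lower() for p in executed_images}
    return AutorunEntry(
        hive=split_hive(key_path),
        key=key_path.rsplit("\\", 1)[1],
        name=name,
        target=target,
        writer=m.group("proc"),
        executed=target.lower() in executed,
        suspicious=not target.lower().startswith(tuple(d.lower() for d in TRUSTED_DIRS)),
    )


def find_autoruns(lines: Iterable[str], executed_images: Iterable[str]) -> List[AutorunEntry]:
    images = list(executed_images)
    return [e for e in (parse_autorun(l, images) for l in lines) if e is not None]


# Constructed sample input: the two rows from the report's signature table, plus
# a made-up benign HKLM Run entry and a made-up non-autostart write for contrast.
SAMPLE_EVENTS = [
    r'Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesXI\\xdobec.exe" bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintT0\\optidevsys.exe" bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth = "C:\\Windows\\system32\\SecurityHealthSystray.exe" explorer.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = "1" explorer.exe',
]
# Image paths taken from the report's process tree.
EXECUTED_IMAGES = [
    r"C:\Users\Admin\AppData\Local\Temp\bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe",
    r"C:\FilesXI\xdobec.exe",
]

if __name__ == "__main__":
    for e in find_autoruns(SAMPLE_EVENTS, EXECUTED_IMAGES):
        flag = "SUSPICIOUS" if e.suspicious else "ok"
        ran = "executed" if e.executed else "not executed"
        print(f"{e.hive}\\...\\{e.key}\\{e.name} -> {e.target} [{flag}, {ran}] by {e.writer}")
```

On the report rows this yields two flagged entries: the Run value whose target was executed as PID 4548, and the RunOnce value whose target never ran in the sandbox window. The constructed SecurityHealth row passes the allow-list and the Explorer\Advanced row is ignored as not an autostart key; the allow-list is deliberately simple and should be tuned against a baseline of the environment's legitimate autoruns before use in detection.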
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2.7MB
  MD5: f304e61572c68a754ebe48f975a8907d
  SHA1: c2c1ae78581b2ab743bb8e533393359cf104f26f
  SHA256: 52eff09c5f511977f6bb05e48463f40883bc2fea19627aa04f2daad5a9841620
  SHA512: 1b5f7a42d9085e40ff4ae9994d58a095315217145d90af591209c081a25f8519b884af9a076498846e50be475a25f57f1daba2bea769914a1522c51245b509bc
- Filesize: 21KB
  MD5: 85ac8e8d98995fc09cc8e14b9d872d90
  SHA1: adaa24efc93ffdc30c0f3eddaed74ed35e28744b
  SHA256: 4147383c7efa7821c6cfc8b7a765239587b96326516b35b8a29b5759d56b432d
  SHA512: 71b1aead94e4cf1bea92e76c1e652cc34c48ae4aa8a1a8f508276c2025ed5821c7ac8d66d8f165cd451ed36fcf9d03a044f936e5ad0acf3d006044ed8f1b1f3f
- Filesize: 203B
  MD5: 73e7a9f20d3e7d7e4fdd88664da20bb1
  SHA1: 7fb1e4998617cce7a1a4c3756e50e7c4a451a823
  SHA256: 86bd0953898bc314b71b672e0fc3a96ca837f55a529cba81411be6345ee76e21
  SHA512: 00321bd9513525c475e5f068e9b53339090c536172929c7020920bd4e7e725389ae5377eb76a0a1b6ceaa672a01a08e601690461d6b2802ebfa1402037f24f81