Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/06/2024, 07:55

General

  • Target

    bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe

  • Size

    2.7MB

  • MD5

    c123689ea8d6e1dc0cca3c454163f1cc

  • SHA1

    b5b7f649976f37c35a4a3fd441947ee24a485f77

  • SHA256

    bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93

  • SHA512

    bb48c921f7bf1c56a327b3964741c461f93eaa632e8024d56348344d10c3448d40916ada5408d157dfe32888116c5c5475871e7ecc6e2db9f07ac38d5fea368f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBX9w4Sx:+R0pI/IQlUoMPdmpSp/4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe
    "C:\Users\Admin\AppData\Local\Temp\bc53a48e3d0a07e65f95fc13a3ffeadd98dc939d0b5e1041d7cbc101fc915b93.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1592
    • C:\FilesXI\xdobec.exe
      C:\FilesXI\xdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesXI\xdobec.exe

    Filesize

    2.7MB

    MD5

    f304e61572c68a754ebe48f975a8907d

    SHA1

    c2c1ae78581b2ab743bb8e533393359cf104f26f

    SHA256

    52eff09c5f511977f6bb05e48463f40883bc2fea19627aa04f2daad5a9841620

    SHA512

    1b5f7a42d9085e40ff4ae9994d58a095315217145d90af591209c081a25f8519b884af9a076498846e50be475a25f57f1daba2bea769914a1522c51245b509bc

  • C:\MintT0\optidevsys.exe

    Filesize

    21KB

    MD5

    85ac8e8d98995fc09cc8e14b9d872d90

    SHA1

    adaa24efc93ffdc30c0f3eddaed74ed35e28744b

    SHA256

    4147383c7efa7821c6cfc8b7a765239587b96326516b35b8a29b5759d56b432d

    SHA512

    71b1aead94e4cf1bea92e76c1e652cc34c48ae4aa8a1a8f508276c2025ed5821c7ac8d66d8f165cd451ed36fcf9d03a044f936e5ad0acf3d006044ed8f1b1f3f

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    73e7a9f20d3e7d7e4fdd88664da20bb1

    SHA1

    7fb1e4998617cce7a1a4c3756e50e7c4a451a823

    SHA256

    86bd0953898bc314b71b672e0fc3a96ca837f55a529cba81411be6345ee76e21

    SHA512

    00321bd9513525c475e5f068e9b53339090c536172929c7020920bd4e7e725389ae5377eb76a0a1b6ceaa672a01a08e601690461d6b2802ebfa1402037f24f81
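The Downloads list above gives the hashes of the three files the sample wrote, and the process tree shows the dropped `C:\FilesXI\xdobec.exe` being executed as a child of the submitted binary. The script below is an added example for hunting those files on another host or a mounted disk image; it is not code from the report or the sandbox. The hash values are copied from the Downloads section; the scan root, the `Hit` record and the `demo()` fixture (constructed files in a temporary directory) are illustration-only assumptions. It matches on content first and only falls back to a bare file-name match, because the `.ini` name appears to embed host-specific values (the sandbox user `Admin` and an OS version `10.0`) and a name hit alone is weak evidence.

```python
"""Offline IoC sweep for the files this sample dropped.

Added example, not part of the sandbox report. Hash values come from the
report's Downloads section; everything else (scan root, Hit record, demo
fixture) is an assumption for illustration.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Dropped-file indicators copied from the report. SHA512 is left out only for
# brevity; a match on any one algorithm is a positive hit.
REPORT_IOCS = {
    r"C:\FilesXI\xdobec.exe": {
        "md5": "f304e61572c68a754ebe48f975a8907d",
        "sha1": "c2c1ae78581b2ab743bb8e533393359cf104f26f",
        "sha256": "52eff09c5f511977f6bb05e48463f40883bc2fea19627aa04f2daad5a9841620",
    },
    r"C:\MintT0\optidevsys.exe": {
        "md5": "85ac8e8d98995fc09cc8e14b9d872d90",
        "sha1": "adaa24efc93ffdc30c0f3eddaed74ed35e28744b",
        "sha256": "4147383c7efa7821c6cfc8b7a765239587b96326516b35b8a29b5759d56b432d",
    },
    # The .ini name looks host-specific (user name "Admin", OS version "10.0"),
    # so a name-only match on it is weak; the hashes still apply unchanged.
    r"C:\Users\Admin\253086396416_10.0_Admin.ini": {
        "md5": "73e7a9f20d3e7d7e4fdd88664da20bb1",
        "sha1": "7fb1e4998617cce7a1a4c3756e50e7c4a451a823",
        "sha256": "86bd0953898bc314b71b672e0fc3a96ca837f55a529cba81411be6345ee76e21",
    },
}


@dataclass(frozen=True)
class Hit:
    path: str   # file found under the scanned root
    kind: str   # "hash" (content matches) or "name" (only the file name matches)
    ioc: str    # report path the hit corresponds to


def _basename(windows_or_posix_path):
    """Last path component; the IoC paths use backslashes even on a POSIX host."""
    return windows_or_posix_path.replace("\\", "/").rsplit("/", 1)[-1]


def digest_file(path, algorithms=("md5", "sha1", "sha256")):
    """Hash a file once, feeding every requested algorithm from the same read."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def index_by_hash(iocs):
    """Invert the IoC table so (algorithm, digest) looks up the report path."""
    return {(algo, value.lower()): ioc_path
            for ioc_path, hashes in iocs.items()
            for algo, value in hashes.items()}


def sweep(root, iocs=REPORT_IOCS):
    """Walk root; hash matches are strong hits, file-name matches are weak ones."""
    by_hash = index_by_hash(iocs)
    by_name = {_basename(p).lower(): p for p in iocs}
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                digests = digest_file(full)
            except OSError:
                continue  # unreadable or vanished file; cannot be matched either way
            matched = [by_hash[(a, d)] for a, d in digests.items() if (a, d) in by_hash]
            if matched:
                hits.append(Hit(full, "hash", matched[0]))
            elif name.lower() in by_name:
                hits.append(Hit(full, "name", by_name[name.lower()]))
    return sorted(hits, key=lambda h: (h.kind, h.path))


def demo():
    """Constructed fixture: one file whose hash is added to the table, plus a
    decoy that reuses the dropped-file name with different content."""
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    real = os.path.join(root, "payload.bin")
    with open(real, "wb") as f:
        f.write(b"constructed sample, not the real dropped file\n")
    decoy = os.path.join(root, "xdobec.exe")
    with open(decoy, "wb") as f:
        f.write(b"same name, different content\n")
    iocs = dict(REPORT_IOCS)
    iocs[r"C:\Constructed\payload.bin"] = {"sha256": digest_file(real)["sha256"]}
    return sweep(root, iocs)


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit.kind:4} {hit.path}  <-  {hit.ioc}")
```

Point `sweep()` at a mounted image or a live host's `C:\` and treat only `kind == "hash"` results as confirmation. A name-only hit on `xdobec.exe` or `optidevsys.exe` still deserves a look, since a rebuilt payload can keep the file name while every digest changes. The Run-key persistence the report flags is not covered by an on-disk sweep; check `HKCU` and `HKLM` `...\CurrentVersion\Run` separately for values pointing at these paths.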