Analysis

  • max time kernel: 149s
  • max time network: 132s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 03/07/2024, 04:44

General

  • Target: 3b643ab2f96615da4789f1997117edcd86203251134dd8aad7ea90b3a8323c56.exe
  • Size: 2.7MB
  • MD5: 0abef5fe35f2e93b59d532736a0e62f0
  • SHA1: f91ec1ac0c869af35f77740806405ddf2dccec1f
  • SHA256: 3b643ab2f96615da4789f1997117edcd86203251134dd8aad7ea90b3a8323c56
  • SHA512: 32ac89f7faf640af2dab07fe667b0f6100d11b0ad96f1edc7cfccb0f97061b15d536fec97ce33ef09092291f4f3b591246d230089c4e97546fb5901a95230bc5
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpj4

Score
7/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b643ab2f96615da4789f1997117edcd86203251134dd8aad7ea90b3a8323c56.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\3b643ab2f96615da4789f1997117edcd86203251134dd8aad7ea90b3a8323c56.exe"
    PID: 4660
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\Files4Q\xbodloc.exe (child process)
      Command line: C:\Files4Q\xbodloc.exe
      PID: 3656
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3852,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3672 /prefetch:8
    PID: 4244

Downloads

  • C:\Files4Q\xbodloc.exe
    Filesize: 2.7MB
    MD5: 92dbbd1c515335f2a35c0103ace6f548
    SHA1: bb3601ea05960628e520709b03db841b63f25162
    SHA256: ff67cbc9e68e45ed8ffb8444848649ba8569fc1d4ab6dcb7d868c50f3758c703
    SHA512: 50282d1d8053358c5195d0992c52e70d7a3f27f3b5787b40bfdd54dec5e7b0ec32b424533871c069d4b0ccb8f6b763ab8e138f788175090ecdc2b3ff547083c1

  • C:\KaVB8T\bodxsys.exe
    Filesize: 402KB
    MD5: 207e8888e80c8722795eee31bb1a1e0d
    SHA1: ef63647dd8bee52a5e9e7dd0b989ddf684494911
    SHA256: 28086e1d7562eee5ab1f8788fff71aae280acd8fdef4c4f1b430c2a67496bbe4
    SHA512: 86bd7a72e42cc78a05b48b5f36b1a0de33aafc64b8fab67ca5d1bfe230ed6c82017fae75d3e5fe02672af66ba4ba3d51eb7c2454726e7145dd8a3453fbbf60a9

  • C:\KaVB8T\bodxsys.exe
    Filesize: 2.7MB
    MD5: 3c2f82a236ba98872bec99b870e52dfb
    SHA1: 6eb777edaf8c41b630dd5348468f39eeb44a3cae
    SHA256: 71dead943bc171d6be7af9ca8d9b5b9b96a1e72d5bf7bb0301adf92c150c0400
    SHA512: 74103af7d1aa8d70bb22703d7df48aec7b254c4d345bbf7339b9d71edd18227ba2353c5652fe90e6196d83417b8fcc5cf0e0fbda64d6cb95761f97f269a46241

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 201B
    MD5: 335298937243a2ef2b6c4052d9c212a6
    SHA1: 4da926444e3703126b84cabcc7f68bc128d25939
    SHA256: 9cc422bf95b4762e304716bec799aa99cd9874ed618f490cd814542e9e3e7356
    SHA512: 4e91c88bf3a9ee19fc003cca3af44b810c0d97e74baa998a47c38e95404b1b53e6d7531bdaf98a76a7011fdc29735817ce288e40c04bba80ac0b19bbec0ccf97