Overview

overview

7

Static

static

3

339c9bb0f4...5d.exe

windows7-x64

7

339c9bb0f4...5d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 21:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    339c9bb0f4d5a49f2230b478e569f7d1964a1eb326dfde20dafe1b92f131375d.exe

  • Size

    4.1MB

  • MD5

    404ccbd410de6769e31c1317bbbf1629

  • SHA1

    e56bc3d36d8467523ab6e362a1de8320747e312f

  • SHA256

    339c9bb0f4d5a49f2230b478e569f7d1964a1eb326dfde20dafe1b92f131375d

  • SHA512

    8e68bb8b9c1a63ab7f6323167a2fc788e1f6de4224ba3a12cabc310533327de85327a3c23697311d759b554c2ebebb6238770dc929a2d831aac2896c15d3df7e

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpU4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm/5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\339c9bb0f4d5a49f2230b478e569f7d1964a1eb326dfde20dafe1b92f131375d.exe
    "C:\Users\Admin\AppData\Local\Temp\339c9bb0f4d5a49f2230b478e569f7d1964a1eb326dfde20dafe1b92f131375d.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3844
    • C:\IntelprocAZ\devbodsys.exe
      C:\IntelprocAZ\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2008

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\GalaxBQ\bodxloc.exe
          Filesize

          22KB

          MD5

          cc51b3b7d209610f7a21f92f3b22e1e3

          SHA1

          d340f9fa1dce87346279c88d1951a44ae8a2a3ce

          SHA256

          6ae2d32ade74ce7d12c65077d60081010e1011e8a3aff6f70b42144fbb283a2b

          SHA512

          ee53bfc3287b9521ed72436ef4f8f763ec3d288c178bdedb22629440b3472ab7431c47027b83dc1dadb9c434f80a356aab24a536824210f7f94672b2946cd921

          Download Submit

        • C:\GalaxBQ\bodxloc.exe
          Filesize

          4.1MB

          MD5

          3caab419a1b250b081b50f17d4bcfd5f

          SHA1

          b636f20ddbac6354f5115d91e5b0f87991c60c6e

          SHA256

          9e4e804c5d51e62015ae471e73093f0fc7d6b1f932a90ae5a37fca29f55516a3

          SHA512

          8c4bb7d4da0cfd4bc100dba0b53e30d90106cbe72ecb4ebad0dd3661e141b0fb3f691f8de295ca88ed9e7d66fc88b2bc5bd447c52d26f463a176966e8806c940

          Download Submit

        • C:\IntelprocAZ\devbodsys.exe
          Filesize

          4.1MB

          MD5

          9ec544f01136118680558703812df309

          SHA1

          8c4c928baa10919f8e922caedb0d5820f3dffd17

          SHA256

          1ae58f442d8a9ec5addaaae34a81616f85b364d78ab7cdd257c594c6baee28d0

          SHA512

          f083ab2253b9d347ca1a0664873c9b26d1ba5973a7fff03614c583dfc3bae2c0382a2548af1801d0e3d160b44fe8e4deab55cd88b0222a2a03fa6017cfdff4b9

          Download Submit

        • C:\Users\Admin\253086396416_10.0_Admin.ini
          Filesize

          207B

          MD5

          df146efd3ee0973635a850e88830cf43

          SHA1

          a4ec0d7b29e732730299c75a1c252399df151523

          SHA256

          0c98852e647366140478e40633ba8b1dcc74813bf7cd38a1ccce0a0bd1f97022

          SHA512

          b745b112cae9b2dadf83abd115df9f0b0bc345c716723465cab1fe00c28636fd82dad3b97e98b17d9b7644e87725b906472b86a05bf0a3570a2d419fbd642461

          Download Submit