Overview

overview

7

Static

static

3

34cd8e5f4b...15.exe

windows7-x64

7

34cd8e5f4b...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2024 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34cd8e5f4b0383d628094815a2844cce0ab01811a9d1d775603899c62c92d315.exe

  • Size

    4.1MB

  • MD5

    bc17c58c6bbc66388a0e92cd6729c4b6

  • SHA1

    bece640ff522a70203c31b97bbc4e34d50148296

  • SHA256

    34cd8e5f4b0383d628094815a2844cce0ab01811a9d1d775603899c62c92d315

  • SHA512

    8f02352dadc36f49ed3b49e30b2b704625405cf08155aba40dd08ea89605f71df57c083253c521bab6fcf29db1b87b808a2363c75208e30d5d59332032340131

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpc4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmb5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34cd8e5f4b0383d628094815a2844cce0ab01811a9d1d775603899c62c92d315.exe
    "C:\Users\Admin\AppData\Local\Temp\34cd8e5f4b0383d628094815a2844cce0ab01811a9d1d775603899c62c92d315.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Files9S\xbodec.exe
      C:\Files9S\xbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxSY\dobaloc.exe
    Filesize

    34KB

    MD5

    7470a94d301468637a63e9beacd0b0a5

    SHA1

    5efdd39d8749eb5205b7244799c9491839597128

    SHA256

    46881cf984b3be5d7a46329610b6e34dae8994b1181d5f9682eb792eb9474ba1

    SHA512

    be10a1abc09238fd5fde8e7f7e571b54fd493d0eeba5566a9ffe0de49911af00e6b2eb30c90998f0e8131687aba5d776510118236992f3a0f869db3f72e07efc

    Download Submit

  • C:\GalaxSY\dobaloc.exe
    Filesize

    4.1MB

    MD5

    3d7cf0ad7f581209f7f7a2a43dd29304

    SHA1

    4e05165acd805cf263d15c20dc62d204cddf1bf4

    SHA256

    97c276f28de51ee349267a78d09b9111a62291162dede69d4c27f3d7d84255fe

    SHA512

    8c5a9347d52ec225351ed0395256a3106997bfbe5e93ed5237257bda2f95967b6fd60ff5ed5c11d478fcc338b4b48d62ddfc343280db7f62ea76f96812b5c73f

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    ebfa6242a135178f48df3568721e8caa

    SHA1

    628f65da94535d47053539d212b719d61eb72fb4

    SHA256

    5f2018a82ef53ec22148bf33ccbee06f0bcbba0689de5c2452f23d8846eac2a5

    SHA512

    b9d022249ea48bc3381b4dafdf35d528f33cc84f97b9753dbfddb59a9cad017f1ce8d07e094fbe769f6bca6f111a4aa5f005b1266eeaaaca580029224f002bc8

    Download Submit

  • \Files9S\xbodec.exe
    Filesize

    4.1MB

    MD5

    9d002756fa70194bbe40f298e009a0d9

    SHA1

    308727d42ae284896bcd36a694f432dee3e69eec

    SHA256

    f8acbfa5618564e8fff6b6b17105d65c1f3e2fcaa52edc88a1c62c8f52ba8d5c

    SHA512

    c233748715e313b5934d1d50c61d4e5d465621a996f662875e77495b2c978dcdd04ac4426657c50c9768b68e8fd574a36a535b465ca79f82c5d09314db701924

    Download Submit