Analysis

  • max time kernel: 119s
  • max time network: 94s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240709-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 14/07/2024, 20:50

General

  • Target: 1b03326eb0891edd6f64d4a7e006d7a0N.exe
  • Size: 2.7MB
  • MD5: 1b03326eb0891edd6f64d4a7e006d7a0
  • SHA1: b31b549ceb576952220affe3d5c3cb39fb34f1ab
  • SHA256: 8d94fda133b16643fe8f28a71e5c5b0e7053666a6f782f9c141d990c465d7a6f
  • SHA512: b0f06af1dfd48367920c41bbeef50e1998071f6666af5248247fad9c166e7b47329eff60e634602a8a999697ac25883cd997cbcc212d2b48ef05672d368155a7
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4S+:+R0pI/IQlUoMPdmpSpT4X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b03326eb0891edd6f64d4a7e006d7a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1b03326eb0891edd6f64d4a7e006d7a0N.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:552
    • C:\UserDot0X\xbodec.exe
      C:\UserDot0X\xbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1924

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\UserDot0X\xbodec.exe
    Filesize: 2.7MB
    MD5: 6e7c41b02da0316fd06922817079489d
    SHA1: 006eca01c2168787bb94f7e8bd23fd928e12bb7d
    SHA256: 9431f018fd0cdf5d7f49669141c7082867d0609d2745eb9ed19fd597fb148d2a
    SHA512: 96bc40ec6e4f61c0a186047acd9d780143b743a0b3222140ed840945e5127220081c7d19fe261964ce017614d080ddc834ea024ee34ce3d021a74af22238b081

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 202B
    MD5: 7f1f32f680334f6eafc30963c452b165
    SHA1: 00a013cfbd45a94c7e8350a7f5780ee76e988677
    SHA256: da8e34a365d714cb03ce9846e6b5848a7f8d95318882014316bfcde2b0022aac
    SHA512: 4d6c89c078dd8439dcae418e856108f62b4ac5161a777bd12b8131669def445d0699d528fe2da9ffcce871fe6ef859836c4e70d1013fbcb169dcc84d0fe7e3e3

  • C:\VidOF\optidevloc.exe
    Filesize: 175KB
    MD5: 69e8c547267c9338e8f890c51b6127d7
    SHA1: 14f5a072ceb5d9d2e204eb61ec513e14d3591e08
    SHA256: 0471e725658788cb24334eecca5252e01e91662ea42559b90f20a2e6eec38186
    SHA512: 69d646080d89f4491858439b3f6fb43e9cac87a1e890a07a3fa4c9f91f6667586dc58cc6f0aa7f6e780ab638960fb241db6f741d77918a18e2588fa85e2da169