d11864a90817ce9f9615ea794e6e4e613d93fe766a01ba465a917435debddf67

Analysis

max time kernel
119s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 23:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1f5429b7ebde6d816af2f7775699bc90N.exe
Size

2.7MB
MD5

1f5429b7ebde6d816af2f7775699bc90
SHA1

1b799c97592210f9f503f878c1c361fd42898006
SHA256

d11864a90817ce9f9615ea794e6e4e613d93fe766a01ba465a917435debddf67
SHA512

fd388efea7562676aae7a2eb3d74f157c66d6ab5c6144066af478bc321218b5ebccc1150a8c3d2f7af4b2403aa6278795fc8512f77256b7bca92eb76fd32f007
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBU9w4Sx:+R0pI/IQlUoMPdmpSpO4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4304	abodec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\Mint9I\\bodaec.exe"	1f5429b7ebde6d816af2f7775699bc90N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotOE\\abodec.exe"	1f5429b7ebde6d816af2f7775699bc90N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4304	abodec.exe
4304	abodec.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe
4816	1f5429b7ebde6d816af2f7775699bc90N.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 4304	4816	1f5429b7ebde6d816af2f7775699bc90N.exe	87
PID 4816 wrote to memory of 4304	4816	1f5429b7ebde6d816af2f7775699bc90N.exe	87
PID 4816 wrote to memory of 4304	4816	1f5429b7ebde6d816af2f7775699bc90N.exe	87

C:\Users\Admin\AppData\Local\Temp\1f5429b7ebde6d816af2f7775699bc90N.exe
"C:\Users\Admin\AppData\Local\Temp\1f5429b7ebde6d816af2f7775699bc90N.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4816
- C:\UserDotOE\abodec.exe
  C:\UserDotOE\abodec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Mint9I\bodaec.exe

Filesize
1.2MB

MD5
c95ea3688473007ad66c47c92917609b

SHA1
f6e4d6280ceb651d085cb5d96cdcd38cb67c0f50

SHA256
447addf93ce1dec2ae4e1874756e0784e2db45c78889280da678c374b499368b

SHA512
789266f98fac2ee876d280453bcc704146a43665d9223655a1d7b0c2029e3874d329c347b493beeb23503cfe0cf154a3182d0f0ea30437246ca38334ea111ee9

Download Submit
C:\Mint9I\bodaec.exe

Filesize
2.7MB

MD5
9b98a2545a60686b63247f1d87c1c4bc

SHA1
43c61ae433389adddf299f6b0bc9f74144e31198

SHA256
35326e82b2cafd8ec148c2015b3e6881d38890e18a1db71ebae3ac7f0c298c34

SHA512
4fa8a63e6f59882fc7f3dbad32a5ac6e8976d14dedfbe3b31451d96fcf96b3887fe55987ebd22350df7b909c69f2ffbcde3f9d9c5ddbf070e380a2ee8451c83f

Download Submit
C:\UserDotOE\abodec.exe

Filesize
2.7MB

MD5
63fca9b08cbc7a2e33c31c23e6427682

SHA1
9e6b031aae6e164f6ea6f2cb1f54e4347c2c9a40

SHA256
a1866ff9f4bc981cab4f7ba2f576b6a1bc7da4895f4d1b2511dc7096e6133685

SHA512
20960d9821114e0f9081f74679475934b3d19fbeddfbe8193cf70fc4eb74786d864379072d39d20281fd039297553db8d504b400b612047183d97c546239cd27

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
200B

MD5
17dec93f21bf0fa9a252a2a588e84ffc

SHA1
265bdb1876e62efea998da218179d54e8a00f977

SHA256
8e91598aef0ea703e4abaf27d16e91d712795f4d44ff93c4e9491128f7083919

SHA512
f63e64cf3e316b0da8722571e27b3e4498f314773309b81902a1bb1690282069499901c6796dce898f943ac1c6dc9cb9b8b6ae0bbd855dfa0ed52f118edde935

Download Submit