Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/07/2024, 02:41 UTC

General

  • Target
    41ee6d44dc5dfb53682985465dd2cc40N.exe
  • Size
    2.7MB
  • MD5
    41ee6d44dc5dfb53682985465dd2cc40
  • SHA1
    615dc7d0096bd5b487a026d6af7111ae66c1a6d8
  • SHA256
    a2688f2ff0615ee8b272550985141b010001e953b82fb3ca09ebf88dbd2d57f3
  • SHA512
    2205aa337b78ba3b669c73cc20f98acb0e6d517070d3d767dd8ec749b81b97ff1350d29932f2348df2135c7ef9930ceea66d1f925066bcc4f008440be82a2c27
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB89w4S+:+R0pI/IQlUoMPdmpSpO4X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41ee6d44dc5dfb53682985465dd2cc40N.exe (process tree depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\41ee6d44dc5dfb53682985465dd2cc40N.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\IntelprocJ0\xdobloc.exe (process tree depth 2, child of PID 2536)
      Command line: C:\IntelprocJ0\xdobloc.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2052

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 202B
    MD5: c529602a5b0684ed4fbaf7172cb72896
    SHA1: cd79dcc0bdd6422773bb73065701200214c9d53f
    SHA256: 0c19206dc3ebead370838224f88de410443c7f6d748983ad76eb94618644c9e1
    SHA512: 29cf3459b54184e80fec672a44970b3abfaf3400bffde19934ad2264e8fd74519b186c502dc341eb554c925f35de050142afd77ab5f72108c6c3ad4c3906ef1f

  • C:\VidTC\dobasys.exe
    Filesize: 3KB
    MD5: c7b51062c87a208f9442963c2b20d250
    SHA1: 0e547612586c272a27827db5dbbed56d37a255e7
    SHA256: e3b4eadabd908d54c7c9252808b2cf750431927782a3b7b3e596467be1bde3e0
    SHA512: fa80cfdd204d057f6913115178e8c1aa005c35300a166dbe3f278d747a2bd73b6ffc6df2602db45993d1fb681a48db8e6b9a5567228ee5007c7d933035c55e9c

  • C:\VidTC\dobasys.exe
    Filesize: 2.7MB
    MD5: b8d3ac0aa19cd74ed2340b00536bf19b
    SHA1: ecb5eeeb246db1ad0c910f1e517c3a8b1d0d249c
    SHA256: a88f52dd66b2c5e566ab850300dbc7210abe912c2588da6894d93cc6536a9aa8
    SHA512: 8ab45d55ade55c1ec05c6b1fcac1a48cdfe4ce6a0da0ac4e574d13b6038aa510f72b55d331a4fb42df6c9ba981c8692e7f2fcc3b894956455a99b3bd04f37375

  • \IntelprocJ0\xdobloc.exe
    Filesize: 2.7MB
    MD5: 0b5cd690723bfd7e273e2534357d0ad0
    SHA1: 2aab39c39632de88e2545b727dcdb177699a9a2f
    SHA256: 6fa3c52bc01cca1f96d5b4befe697f18faa88d0460d248e358ec713141e087ff
    SHA512: c4c2abad832e31613bb1fd9b25fb0243699725fd6f9a8910b4871f593989f601b2325834dbf7b12167c11482e424719d0ca2444c2860d1e1f3a6eeb1f3868850
