Analysis

  • max time kernel
    119s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/07/2024, 02:41

General

  • Target

    41ee6d44dc5dfb53682985465dd2cc40N.exe

  • Size

    2.7MB

  • MD5

    41ee6d44dc5dfb53682985465dd2cc40

  • SHA1

    615dc7d0096bd5b487a026d6af7111ae66c1a6d8

  • SHA256

    a2688f2ff0615ee8b272550985141b010001e953b82fb3ca09ebf88dbd2d57f3

  • SHA512

    2205aa337b78ba3b669c73cc20f98acb0e6d517070d3d767dd8ec749b81b97ff1350d29932f2348df2135c7ef9930ceea66d1f925066bcc4f008440be82a2c27

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB89w4S+:+R0pI/IQlUoMPdmpSpO4X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41ee6d44dc5dfb53682985465dd2cc40N.exe
    "C:\Users\Admin\AppData\Local\Temp\41ee6d44dc5dfb53682985465dd2cc40N.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5096
    • C:\IntelprocUA\xdobloc.exe
      C:\IntelprocUA\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4916

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocUA\xdobloc.exe

    Filesize

    2.7MB

    MD5

    34fba15ca552fffee5eeca797be25786

    SHA1

    25349814045f78e258999a1a50c9acc786a81fc6

    SHA256

    b5d1129091556e6169bb14ff431bba6318680bdac0a4444f8bde1f8519ea9d2b

    SHA512

    77937e282a7d0c33ea8b26c475b1a249dc043faaa6540f2ec3cdf47346b4f33b71336b6b139df0b392bdad370f923501d363b88eaac37ac491931c9d71ce2c7f

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    205B

    MD5

    261c69c7e07b2eedcc1b80cdcad94d95

    SHA1

    1a6bbc616027c96f9cd5791180529e837fc69997

    SHA256

    04e9c032ac6e97149210bfb813f7dfee6d0a4144ef2aee0b9627349a0aa3955e

    SHA512

    211b01feae69073e49c24621aeb41fa34bf9cf3c3e3f79a21ac717d1081d41b1b25b65710f22bd607be3e5aa1d36b5ecc3adfbba005940eda1891558b578fd54

  • C:\Vid86\optidevsys.exe

    Filesize

    115KB

    MD5

    f05a5bbed71836305c236c85ddead794

    SHA1

    4f8df43e026a764960f88d620bd11aa117e0ff7b

    SHA256

    a6cf72dc2eae9247d9037dbc789a38fb332380802fd4f936bf60555a0ffd3d6d

    SHA512

    bf58084a117e69f818594f95bcf0de923fbc75ff9daf57a0d0a7d2d16f5926c0af9a8bcd465922de2ac824ae43c8a0d3ddbadb0861e2a9de1e3e2555eaa2db97