Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/07/2024, 03:09

General

  • Target

    46402cf74586bad6b738b33cd6d38b60N.exe

  • Size

    2.7MB

  • MD5

    46402cf74586bad6b738b33cd6d38b60

  • SHA1

    8f574dd6d0f93f38275a783c54c3970ff821b6ea

  • SHA256

    aecf66ecaf04413286ede9602862331ee7ea7980612214708f0adc0da130d7ae

  • SHA512

    d47795a3b7dfcfde61b08a5c79d9bbe27eb3da887e41454d02332ff00bd6ebc107320b053ab4132c5ad508f9fc83ebf63c959456ef37e587dea34fbe8476a1a7

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBq9w4S+:+R0pI/IQlUoMPdmpSpk4X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\46402cf74586bad6b738b33cd6d38b60N.exe
    "C:\Users\Admin\AppData\Local\Temp\46402cf74586bad6b738b33cd6d38b60N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:712
    • C:\Adobe43\xbodloc.exe
      C:\Adobe43\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3016

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZ91\bodasys.exe

    Filesize

    1.6MB

    MD5

    3f1682f4ae343d0d4ffd5d0c1f43a01c

    SHA1

    0396bd79cac39813ff89195eadf00d416aa2ad8d

    SHA256

    ed53f4d67bca3b8f7f196e2de4f36534e44660384907951829063e80dcf7a3e7

    SHA512

    73d8258f221a0abe37b17aeb010108bb436dd32cbdb6683fc3827e016179fd0fa5b86c893179b7a97a912245ba13920a755d779dd1b448e9f35670b1901fb737

  • C:\LabZ91\bodasys.exe

    Filesize

    2.7MB

    MD5

    8cc707cad3e94765e93178aaf744f911

    SHA1

    7255fd347e2adb51324866d5b63fb31a689fc8cd

    SHA256

    2009493d6cbf129126c7c7fd1a67fcb41b19a59d29d5f964fa805f5421ded19e

    SHA512

    790759e01f73ec7bdf576a8201b1c9da287f4a2efd2078e82eb05a19ccc58a2e14ac55c467954d834444a24a7a18384bd35b22ef7dacfcc827f91a202b1f863d

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    199B

    MD5

    24c4bf97b465be3078256ba22a9e7fe0

    SHA1

    358433d5b69421ae0ae3b646c378141ea164bd2b

    SHA256

    85f0ff6a9523866393a1bae2290ee963de946106eb66606ee8a218228f045153

    SHA512

    52552aa2fc1975a87c17de99d59b5de7e5c4de23b8392a99974f39395b22bc33d01c7a4173fe26957c01c3936b7029b7556f132671fa33f2d283db8b5d58cee2

  • \Adobe43\xbodloc.exe

    Filesize

    2.7MB

    MD5

    7af6f994fd0efe345b7739b2d61c5c59

    SHA1

    ff604a56e7c188e955b846941dad79627c5b9cb0

    SHA256

    c85952aab10f4d92e7c30b4a68d846b13c20c6f492bddb4327a5296a7c31f826

    SHA512

    cd1657c6ec2dc607f5dfbc6fe705969958ce72f73a4ce6ab6169ee0f83b67c2c2136d93cbd1446b10e26aed515b0ab02382fc343508bd3476d75dad420b45e2f
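A hash-based IoC sweep built from the digests in the tables above. This is an added example, not part of the sandbox output: the function names, the sweep root and the choice to key the two C:\LabZ91\bodasys.exe entries by their reported size are assumptions. It hashes every file under a directory, matches any single digest (MD5, SHA1 or SHA256) against the report's values, and also flags files sitting at the report's drop locations even when their hash differs, since the report itself lists two different hashes for the same bodasys.exe path.

```python
import hashlib
import io
import os
from pathlib import Path

# Digests copied from the sandbox report above (lowercase hex). The two
# C:\LabZ91\bodasys.exe entries are the two distinct files the report lists
# under that one path; keying them by reported size is this example's choice.
REPORT_IOCS = {
    "46402cf74586bad6b738b33cd6d38b60N.exe (target)": {
        "md5": "46402cf74586bad6b738b33cd6d38b60",
        "sha1": "8f574dd6d0f93f38275a783c54c3970ff821b6ea",
        "sha256": "aecf66ecaf04413286ede9602862331ee7ea7980612214708f0adc0da130d7ae",
    },
    r"C:\LabZ91\bodasys.exe (1.6MB)": {
        "md5": "3f1682f4ae343d0d4ffd5d0c1f43a01c",
        "sha1": "0396bd79cac39813ff89195eadf00d416aa2ad8d",
        "sha256": "ed53f4d67bca3b8f7f196e2de4f36534e44660384907951829063e80dcf7a3e7",
    },
    r"C:\LabZ91\bodasys.exe (2.7MB)": {
        "md5": "8cc707cad3e94765e93178aaf744f911",
        "sha1": "7255fd347e2adb51324866d5b63fb31a689fc8cd",
        "sha256": "2009493d6cbf129126c7c7fd1a67fcb41b19a59d29d5f964fa805f5421ded19e",
    },
    r"C:\Users\Admin\253086396416_6.1_Admin.ini": {
        "md5": "24c4bf97b465be3078256ba22a9e7fe0",
        "sha1": "358433d5b69421ae0ae3b646c378141ea164bd2b",
        "sha256": "85f0ff6a9523866393a1bae2290ee963de946106eb66606ee8a218228f045153",
    },
    r"\Adobe43\xbodloc.exe": {
        "md5": "7af6f994fd0efe345b7739b2d61c5c59",
        "sha1": "ff604a56e7c188e955b846941dad79627c5b9cb0",
        "sha256": "c85952aab10f4d92e7c30b4a68d846b13c20c6f492bddb4327a5296a7c31f826",
    },
}

# Inverted index: (algorithm, digest) -> report entries carrying that digest.
_DIGEST_INDEX = {}
for _name, _digests in REPORT_IOCS.items():
    for _algo, _hexdigest in _digests.items():
        _DIGEST_INDEX.setdefault((_algo, _hexdigest.lower()), []).append(_name)

# Drop locations from the Processes / Downloads sections, lowercased for
# case-insensitive comparison against Windows paths.
DROPPED_PATH_SUFFIXES = (r"\adobe43\xbodloc.exe", r"\labz91\bodasys.exe")


def _hash_stream(fh, chunk_size=1 << 20):
    """Stream a binary file object through md5/sha1/sha256 in one pass."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_bytes(data):
    """Return md5/sha1/sha256 hex digests of an in-memory byte string."""
    return _hash_stream(io.BytesIO(data))


def hash_file(path):
    """Return md5/sha1/sha256 hex digests of a file on disk."""
    with open(path, "rb") as fh:
        return _hash_stream(fh)


def lookup(digests):
    """Return the sorted report entries matching any one supplied digest.

    Matching on a single algorithm is deliberate: a partial record (e.g. only
    an MD5 pasted into a ticket) still resolves against the table.
    """
    hits = set()
    for algo, hexdigest in digests.items():
        hits.update(_DIGEST_INDEX.get((algo.lower(), hexdigest.lower()), []))
    return sorted(hits)


def is_dropped_path(path):
    """True if a Windows path ends with one of the report's drop locations."""
    normalised = str(path).replace("/", "\\").lower()
    return normalised.endswith(DROPPED_PATH_SUFFIXES)


def sweep(root):
    """Hash every regular file under root; return {path: [matched entries]}.

    A file at a known drop path is reported even with no hash match, since
    the report shows the dropped content is not stable across runs.
    """
    matches = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            try:
                hits = lookup(hash_file(full))
            except OSError:
                continue  # locked or unreadable file: skip it, do not abort the sweep
            if hits or is_dropped_path(full):
                matches[str(full)] = hits
    return matches


if __name__ == "__main__":
    import sys
    for found, hits in sweep(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(found, "->", ", ".join(hits) or "(drop path only, hash not in report)")
```

Run it against a mounted image or a suspect host's drive root; a hit on a drop path with no hash match is the case worth a closer look, because it means a file is sitting where this sample writes its payload but is not one of the variants the sandbox captured.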