Analysis

  • max time kernel
    119s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-07-2024 21:51

General

  • Target

    111dccd40f3a25c8d1d6cf4aaa438a90N.exe

  • Size

    3.1MB

  • MD5

    111dccd40f3a25c8d1d6cf4aaa438a90

  • SHA1

    44da76348bedee456a55d664b7d3d5bce78d4bd5

  • SHA256

    f8c904144de10a92fac8bf8c74e9c1d5f054c36c4a1a6aa251ca2ce1ce15b759

  • SHA512

    2c7d57374e7f3a0526592d2097c1f830eb32ad05f884061e7dfa7b37867a2f0e5798cd18d92268247650665b4b24f6e76bc2e0edb8497d00850a1255c3c469a8

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBC9w4Su+LNfej:+R0pI/IQlUoMPdmpSpk4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\111dccd40f3a25c8d1d6cf4aaa438a90N.exe
    "C:\Users\Admin\AppData\Local\Temp\111dccd40f3a25c8d1d6cf4aaa438a90N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\UserDotEL\xdobloc.exe
      C:\UserDotEL\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4304

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\UserDotEL\xdobloc.exe

    Filesize

    3.1MB

    MD5

    5bb6e5928431627ad468d4b8f984db6c

    SHA1

    4a14607da234ec786ba0a57c911191739dcc7a0b

    SHA256

    8d354eacf774ef1ea8ef1c4add1df4fc59873f9934120e8c53948aa6c2975adf

    SHA512

    40b70b92501b55ba40b8556f767924257c952076911ea1c9bd4a79b2c99fb563ec0d369449b342200896e083160ee365746d8c5bdb6ffd9195fe11da5bb84f98

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    d328f4965e5bf786acd8246d37aac66c

    SHA1

    fa279db4df26c3c3eaae34712bb6e89f5984a1c5

    SHA256

    8b4d39969f23def890111c64655c381da34ce1fb9db39b8c907f06ab6070640e

    SHA512

    b5b5582cd10bb940cf8fe197f88600ca4ed5a388686563eabf076a3d4a1707ea3adda3c8b5e91c92797edf8fef13351334dc16870aa76d354c2aa2edb799cd0d

  • C:\Vid29\dobxsys.exe

    Filesize

    3.1MB

    MD5

    e0ffd8d724c5e8054fc9462ee9abbcc3

    SHA1

    815140f74f8cc6b8957b4430e324b83d14cad8e8

    SHA256

    b3fd9ae847c28dcc78c1f3cc3ccb64c9513470a355eb0d0945556bd5f51b71fc

    SHA512

    0adfc386bc242afc8e66fe0b4198db345d40dead8d77dbf3f39e378fafbcfd5f736fea1ceb80cd64b35ee13a635b9ff483c4da8712acf13577d362b741897bac