Analysis

  • max time kernel
    119s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-07-2024 06:01

General

  • Target

    55f62bbd5be1c1c833dd9a1d34916a00N.exe

  • Size

    2.7MB

  • MD5

    55f62bbd5be1c1c833dd9a1d34916a00

  • SHA1

    d44afe72a30234be686f34b7a84bc0c66d74a8b6

  • SHA256

    3436e4d94e0fc1d5d6c678e5b04d227b99c437e5fe1a49549c62cad03777a649

  • SHA512

    46a6dd8ab95adc7bc89d8adeef9b5d082298d9ce7c824408e513ca3b5c5a58c1ec64fa841328af170c329227c13e2965c8b3e3e951a51e0f0d9e5909685705b4

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBg9w4Sx:+R0pI/IQlUoMPdmpSp24

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55f62bbd5be1c1c833dd9a1d34916a00N.exe
    "C:\Users\Admin\AppData\Local\Temp\55f62bbd5be1c1c833dd9a1d34916a00N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3936
    • C:\FilesH2\xdobsys.exe
      C:\FilesH2\xdobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2012

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesH2\xdobsys.exe

    Filesize

    2.7MB

    MD5

    e6e701c6cded2b2fe118ba35cc766016

    SHA1

    870994954c6debeadebf644592ed5005f9187df1

    SHA256

    2addc892a3025c841aa780d9a46c0b1206ee12916573777ef73359f08fa256b9

    SHA512

    08465559287b66ce9b06a6b9ac8d1e079d87d4fafad625122538f9c96643d455a5dc57cbf19cbe5ed7a7b26f99033aede3a83f70659ac658f48125a183b1e9aa

  • C:\LabZ1T\boddevec.exe

    Filesize

    3KB

    MD5

    a1e5d914a4b78d0f377ebb20f4b1a72e

    SHA1

    7d7a4e76debe739781c2eeb132f7d7d7b86cba21

    SHA256

    a33ace6a26353e6796f071da1660694215dc3a37cc03cdf3b25039861b3c578b

    SHA512

    c89f69b89d2e89f5c8673313fde2e92e573748c6197d34a25ed35bfebcc4719a8db9152745b9c8b7812164ce0abca2c0d64ffd25354482eebde0f1f5108db328

  • C:\LabZ1T\boddevec.exe

    Filesize

    2.7MB

    MD5

    7d3e5c263f1477a294dbf29cbc849a07

    SHA1

    02eb013267df3b1d39a730efa7d50601d0085c12

    SHA256

    c8466087b22874d54c5935065773f40229358a347dbaf36ea3e33a6cd86f146c

    SHA512

    003faceb979c3a6b439ab0bb8926021f04c7728164f13d9d886ca3121348beeed7c708614abba9473ccddc98c00335712fe844cd20cbbb54694abdb5bc900e00

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    201B

    MD5

    ca49b4746a8cd831bfdecba5a18ba9b9

    SHA1

    849a027b87b8301ac38f24bfd8c416feec50d995

    SHA256

    1598ea3adde4363c4e3b742ebc74c8049d61dd44b1946645570e3ed41dcd622c

    SHA512

    10a2316526a2a25a8c8e95455f632a0e868d21b93c99b1eeb4cf2d4b2a0d9ac590e019e0e8970375589e9c62ae1dbb04345b52e96328dc25d46f8e5ea9066459
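The Processes and Downloads sections above describe a short chain: the submitted sample runs from the user's Temp directory, writes a Run key, and executes a dropped copy of itself from a freshly created directory directly under the drive root (C:\FilesH2\, with a second drop under C:\LabZ1T\). The following is an added detection example written for this page; it is not code from the sandbox or from the report. It runs three checks over Sysmon-style process-creation (Event ID 1) and registry-value-set (Event ID 13) records: a match on the SHA256 values listed in this report, a Temp-directory parent spawning an EXE from a short root-level directory, and a Run value written by such a process. The event records are constructed to mirror the process tree above and are not the sandbox's logs; the Run value name `xdobsys`, the SID in the key path, the "short alphanumeric directory under the drive root" heuristic (generalised from FilesH2 and LabZ1T) and the list of excluded root directories are all assumptions.

```python
"""Added example: detect the execution chain from this report in Sysmon-style
events. Event dicts are constructed for the example, not taken from the sandbox."""
import re
from dataclasses import dataclass

# SHA256 values copied from the General and Downloads sections of the report.
KNOWN_SHA256 = {
    "3436e4d94e0fc1d5d6c678e5b04d227b99c437e5fe1a49549c62cad03777a649",  # submitted sample
    "2addc892a3025c841aa780d9a46c0b1206ee12916573777ef73359f08fa256b9",  # C:\FilesH2\xdobsys.exe
    "a33ace6a26353e6796f071da1660694215dc3a37cc03cdf3b25039861b3c578b",  # C:\LabZ1T\boddevec.exe (3KB)
    "c8466087b22874d54c5935065773f40229358a347dbaf36ea3e33a6cd86f146c",  # C:\LabZ1T\boddevec.exe (2.7MB)
}

# Assumption generalised from C:\FilesH2 and C:\LabZ1T: an EXE whose parent
# directory sits directly under the drive root and has a short alphanumeric
# name. Well-known root directories are excluded to limit noise.
ROOT_DROP_EXE = re.compile(r"^[A-Za-z]:\\([A-Za-z0-9]{4,10})\\[^\\]+\.exe$", re.IGNORECASE)
BENIGN_ROOT_DIRS = {"windows", "users", "programdata", "perflogs", "recovery"}
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


@dataclass(frozen=True)
class Alert:
    rule: str
    pid: int
    detail: str


def is_root_dropped_exe(path: str) -> bool:
    m = ROOT_DROP_EXE.match(path)
    return bool(m) and m.group(1).lower() not in BENIGN_ROOT_DIRS


def first_path(command: str) -> str:
    """Executable path from a Run value or command line; handles "C:\\d\\x.exe" /arg."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def sha256_from_hashes(hashes: str) -> str:
    """Sysmon writes the Hashes field as 'MD5=..,SHA256=..,IMPHASH=..'."""
    for part in hashes.split(","):
        if part.upper().startswith("SHA256="):
            return part.split("=", 1)[1].lower()
    return ""


def detect(events) -> list:
    alerts = []
    for ev in events:
        eid, pid = ev["EventID"], ev["ProcessId"]
        if eid == 1:  # ProcessCreate
            image, parent = ev["Image"], ev.get("ParentImage", "")
            if sha256_from_hashes(ev.get("Hashes", "")) in KNOWN_SHA256:
                alerts.append(Alert("known_sample_hash", pid, image))
            if TEMP_DIR.search(parent) and is_root_dropped_exe(image):
                alerts.append(Alert("temp_exe_spawns_root_dropped_exe", pid, f"{parent} -> {image}"))
        elif eid == 13 and RUN_KEY.search(ev.get("TargetObject", "")):  # Run value written
            target = first_path(ev.get("Details", ""))
            if TEMP_DIR.search(ev.get("Image", "")) or is_root_dropped_exe(target):
                alerts.append(Alert("run_key_from_suspicious_image", pid, f"{ev['TargetObject']} = {target}"))
    return alerts


# Constructed events mirroring the report's process tree (PIDs 3936 and 2012),
# plus two benign records to show the rules stay quiet on ordinary activity.
SAMPLE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\55f62bbd5be1c1c833dd9a1d34916a00N.exe"
DROPPED = "C:\\FilesH2\\xdobsys.exe"
RUN_BASE = "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"  # assumed
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 3936, "Image": SAMPLE, "ParentImage": "C:\\Windows\\explorer.exe",
     "Hashes": "SHA256=3436e4d94e0fc1d5d6c678e5b04d227b99c437e5fe1a49549c62cad03777a649"},
    {"EventID": 13, "ProcessId": 3936, "Image": SAMPLE,
     "TargetObject": RUN_BASE + "xdobsys", "Details": f'"{DROPPED}"'},  # value name assumed
    {"EventID": 1, "ProcessId": 2012, "Image": DROPPED, "ParentImage": SAMPLE,
     "Hashes": "SHA256=2addc892a3025c841aa780d9a46c0b1206ee12916573777ef73359f08fa256b9"},
    {"EventID": 1, "ProcessId": 4100, "Image": "C:\\Windows\\System32\\notepad.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "Hashes": "SHA256=" + "0" * 64},
    {"EventID": 13, "ProcessId": 4200,
     "Image": "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe",
     "TargetObject": RUN_BASE + "OneDrive",
     "Details": '"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background'},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert.rule}] pid={alert.pid} {alert.detail}")
```

Run against the constructed events, the detector raises four alerts: the known hash on both PIDs 3936 and 2012, the Run value written by the Temp-directory process, and the Temp-directory parent spawning C:\FilesH2\xdobsys.exe; the notepad and OneDrive records produce nothing. The hash rule is exact but brittle (the two boddevec.exe drops already differ), so the two behavioural rules are the ones worth keeping; tune BENIGN_ROOT_DIRS and the directory-name length bounds against your own baseline before deploying.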