Analysis

  • max time kernel
    119s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/07/2024, 11:15

General

  • Target

    c65bafd190176f3fe8cb469aa00b8300N.exe

  • Size

    2.7MB

  • MD5

    c65bafd190176f3fe8cb469aa00b8300

  • SHA1

    942828706d2b457d09c97ebed21f81e402369eb2

  • SHA256

    41e61a5ff8f4dd2eabb6f0bcd4f6ee42ffab44ad452079e81c0db5a67a17ee7f

  • SHA512

    359216150b3729eb6412e95c6b2b5b364e925be46b3dea781cd46c54b25639c711cdc377a4584548b009bd7afcb325c01f0834f1f376fcc45037aaa867d71349

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBf9w4Sx:+R0pI/IQlUoMPdmpSpL4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c65bafd190176f3fe8cb469aa00b8300N.exe
    "C:\Users\Admin\AppData\Local\Temp\c65bafd190176f3fe8cb469aa00b8300N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\IntelprocFB\xbodloc.exe
      C:\IntelprocFB\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4056

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocFB\xbodloc.exe

    Filesize

    2.7MB

    MD5

    eab5bcdd1ef231c65531087796cd12a9

    SHA1

    d2a7ce9c4ba822e51960ef56ca76f6c275b9a10b

    SHA256

    81185edf917a1dec823d944704b78249ad34d80d8c7a3f8b58008c42574d1ffd

    SHA512

    f479a03e15c860a9ce56d10d0fdd26f908fffd0795ce5304b4d721f01aab8a1ec5bf196235152e6af114070151452827b55bb1e0f95eb5c7f2f79db845128747

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    5ed831f2604e1e4eaa31e64b853d69e3

    SHA1

    fbf262d4423daa386dcefdd7b6fddbcb9dd1cdf1

    SHA256

    b97435e236bb790356c137a8e04ea0227e846d207cfee05889e54a167dedfc9b

    SHA512

    69fcb6b9fa37b4811b23bb6f9065b6d5f8e253e6e95b8eebccf24cae9241949b7cd1e09227425a4cec6207cd83774b9836be44c3787ea95015dc5a683fc0349c

  • C:\Vid3M\bodaloc.exe

    Filesize

    2.7MB

    MD5

    8f04de8069f9ffc6fade202354a6e5c2

    SHA1

    0247367a95f8764d29759cd2fc89b8d46687869f

    SHA256

    92cddeee4c2c28da8050f2cc10347dd22a350b8cddbde8585940166ea8b23feb

    SHA512

    016e9f2e3ac96e45fec4356ca97b00facebf7782c775039e23a5f2ec943ae20d8934d77f404535e1eea8d7dfefe25f9ee66a5c12f2b2a138324a33df0a842160