Analysis

  • max time kernel
    119s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-07-2024 01:55

General

  • Target

    50b69055278acd61d583b1ee97970960N.exe

  • Size

    2.7MB

  • MD5

    50b69055278acd61d583b1ee97970960

  • SHA1

    688496cb8f3969c2477b5ca551b6ef04ae8c5eea

  • SHA256

    fd2ed74bf18c5ae5cd0eeafb1b07b9bd94a43102adc1ba99ed8aacd60c58306b

  • SHA512

    ef0a31729a7fd9449cafb413db752bed0c8d0253a6ebb081b9bae14fc7981b915231e6084b1612cf397dd55f8fad46a215fb1cee9a18494bfd03b6e877ca4c6b

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBs9w4Sx:+R0pI/IQlUoMPdmpSpe4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50b69055278acd61d583b1ee97970960N.exe
    "C:\Users\Admin\AppData\Local\Temp\50b69055278acd61d583b1ee97970960N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\SysDrvZW\xbodec.exe
      C:\SysDrvZW\xbodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2524

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxJO\dobxloc.exe

    Filesize

    2.7MB

    MD5

    5225a223fb33d74e84210598140107fe

    SHA1

    2be350f2d1061ade4a6d97ff8cbe6a1d9e746027

    SHA256

    0f8986aa18102f25df71501edf2abbc636a74c5acd05722d58784bf5ae48460f

    SHA512

    4244c27af847c110a6769149245599a81e364ecbc6f0dad7c07d57c28ab723e91a089e0f90ffc39d91ca8ae128a63a9e6a21a354309b52f6ee7644ba9dd73c42

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    201B

    MD5

    ff082dc24289b5a31559c61e6a2b4a08

    SHA1

    537bcfb6e283ec1ae1496f1942a34ea2c637f24f

    SHA256

    a53f90e63e81a797b533e530c7fc37f7b9bd9d2e14b6e9748aa76c3466e29866

    SHA512

    46e24bc569f8536df7d84a0c5b95ec57ff27505ad740c8c795696adad7a293252fff24c91e521757cca8847051b1e62261501857127b74ef88ffdfff28a0977a

  • \SysDrvZW\xbodec.exe

    Filesize

    2.7MB

    MD5

    a31a73a8f85113a6bff67f909f7a0dbe

    SHA1

    82942776e59bc3cfb1c58e63661df70a6552dafe

    SHA256

    d72a3a55a2357d496698e7c08e6f11f238a5f3d6c81a637cc7dca54217797b06

    SHA512

    f142315f4d2905763b40516a5c69f115e4853099e11c732cb1f20d70192549a86e1dff51078d37d90a51f02126d671563de565a70ee4abf574f20adf3a78f983
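Hunting script for the artifacts above. This is an added example, not part of the sandbox report and not code from the sample: it takes the SHA256 values and dropped-file paths listed in this report, scans a directory tree for files matching either, and checks a plain-text `.reg` export of the Run keys for commands pointing at those paths (the report says a Run key is added but does not show its name or value, so the registry sample below is constructed). The `.ini` filename pattern (`<digits>_<os version>_<user>.ini`) is an assumption generalised from the single name `253086396416_6.1_Admin.ini`; the `demo()` fixture plants placeholder files with made-up contents, so only their paths, not their hashes, match the report.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# SHA256 values of the submitted sample and its three dropped files, copied from the report.
IOC_SHA256 = {
    "fd2ed74bf18c5ae5cd0eeafb1b07b9bd94a43102adc1ba99ed8aacd60c58306b",  # 50b69055278acd61d583b1ee97970960N.exe
    "0f8986aa18102f25df71501edf2abbc636a74c5acd05722d58784bf5ae48460f",  # C:\GalaxJO\dobxloc.exe
    "a53f90e63e81a797b533e530c7fc37f7b9bd9d2e14b6e9748aa76c3466e29866",  # C:\Users\Admin\253086396416_6.1_Admin.ini
    "d72a3a55a2357d496698e7c08e6f11f238a5f3d6c81a637cc7dca54217797b06",  # C:\SysDrvZW\xbodec.exe
}

# Dropped-file paths from the report. The .ini pattern generalises the one observed name (assumption).
IOC_PATH_PATTERNS = [
    re.compile(r"(?i)(^|[\\/])SysDrvZW[\\/]xbodec\.exe\b"),
    re.compile(r"(?i)(^|[\\/])GalaxJO[\\/]dobxloc\.exe\b"),
    re.compile(r"(?i)(^|[\\/])\d+_\d+\.\d+_[^\\/]+\.ini\b"),
]


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, hashes=IOC_SHA256, patterns=IOC_PATH_PATTERNS):
    """Walk root and return sorted (posix relative path, reason) hits, by path pattern and/or hash."""
    hits = []
    root = Path(root)
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            reasons = []
            if any(pat.search(rel) for pat in patterns):
                reasons.append("path")
            try:
                if sha256_file(p) in hashes:
                    reasons.append("sha256")
            except OSError:
                pass  # unreadable file: path match (if any) is still reported
            if reasons:
                hits.append((rel, "+".join(reasons)))
    return sorted(hits)


# Registry side: assumes a .reg export already decoded to text (reg export writes UTF-16 with a BOM).
RUN_KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\CurrentVersion\\Run\]$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def run_entries_from_reg_export(text):
    """Return {value name: command} for every value under a ...\\CurrentVersion\\Run key in the export."""
    entries = {}
    in_run = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run = bool(RUN_KEY_RE.match(line))
            continue
        m = VALUE_RE.match(line) if in_run else None
        if m:
            # .reg escapes backslashes and quotes inside string values; undo that.
            entries[m.group(1)] = m.group(2).replace("\\\\", "\\").replace('\\"', '"')
    return entries


def suspicious_run_entries(entries, patterns=IOC_PATH_PATTERNS):
    """Keep only Run values whose command references one of the report's dropped-file paths."""
    return {name: cmd for name, cmd in entries.items() if any(pat.search(cmd) for pat in patterns)}


# Constructed .reg export (not from the report): one benign autorun and one pointing at the dropped EXE.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"xbodec"="C:\\SysDrvZW\\xbodec.exe"
"""


def demo():
    """Constructed fixture: a fake drive with placeholder files at the report's paths, plus a renamed copy."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        planted = root / "SysDrvZW" / "xbodec.exe"
        planted.parent.mkdir()
        planted.write_bytes(b"MZ" + b"\x00" * 64)  # placeholder bytes, not the real dropper
        ini = root / "Users" / "Admin" / "253086396416_6.1_Admin.ini"
        ini.parent.mkdir(parents=True)
        ini.write_bytes(b"[settings]\n")
        renamed = root / "Users" / "Admin" / "Downloads" / "setup.exe"
        renamed.parent.mkdir()
        renamed.write_bytes(b"MZ" + b"\x00" * 64)  # same bytes as planted: caught by hash, not path
        (root / "Windows").mkdir()
        (root / "Windows" / "notepad.exe").write_bytes(b"MZ" + b"\x01" * 64)
        # Add the placeholder's hash so the hash path of the scanner is exercised offline.
        return scan_tree(root, hashes=IOC_SHA256 | {sha256_file(planted)})


if __name__ == "__main__":
    for rel, why in demo():
        print(f"{why:12s} {rel}")
    for name, cmd in suspicious_run_entries(run_entries_from_reg_export(SAMPLE_REG_EXPORT)).items():
        print(f"Run value {name!r} -> {cmd}")
```

On a live host, pass `C:\` (or a mounted image root) to `scan_tree` and feed it the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run` decoded from UTF-16; the path patterns catch the sample's fixed directory names even if a rebuilt sample changes its hashes, while the hash set catches copies moved elsewhere.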