Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240709-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    26/07/2024, 05:32

General

  • Target

    827846ec3eac018ac435d773097961e0N.exe

  • Size

    3.1MB

  • MD5

    827846ec3eac018ac435d773097961e0

  • SHA1

    dfad886295e6ad43700d49f4763452f5e84491be

  • SHA256

    739f5ce1d49813d3ba06d897882509903cc840daf62d36486aa9524600e567c4

  • SHA512

    6c14e0521ba16a7a24ac91fd1a29a539cacfdf16ed087c061fac64fa8ce575e2ef8ece730be56f3a5b6aebb991271f4368d6a792faba9096b7b4bbf8fc59779f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBY9w4Su+LNfej:+R0pI/IQlUoMPdmpSpi4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\827846ec3eac018ac435d773097961e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\827846ec3eac018ac435d773097961e0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3356
    • C:\UserDotG2\xdobloc.exe
      C:\UserDotG2\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4852

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\LabZIV\boddevsys.exe

          Filesize

          6KB

          MD5

          e11352913ff8e70ebc7a57ff16cb3b75

          SHA1

          22bf1211f114147990794d6e2bfbc1b655ba8656

          SHA256

          809b66fd2b874c9ca15b73ca2fb12387a4cc68214f184b632abe6b25e2575912

          SHA512

          56a819c3653aa88029d81549ae6986caf74ab7097f1f88786d07764592b1591e093d90069daae0a452f0d888c7d115c14cbf68e51a81fe509202770e123d3a21

        • C:\UserDotG2\xdobloc.exe

          Filesize

          3.1MB

          MD5

          178ce337406b6b23f7606e08ef74c566

          SHA1

          c9c1a9790ae831389246f326ce62bdf484649172

          SHA256

          66f486feb66f0223b42a33b4c544c31413b08e1b39aeed111e749340f985c386

          SHA512

          54cc323dce189a55be3b94cabd366c140b64a8b98eac6874491e3669c7ecd64ebd1c01a148d243a0afba2411fff25ba60ba2e17589bee8c3c16feda4e01aaaa0

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          204B

          MD5

          5fde488c5acca1d132ec4312a997523c

          SHA1

          6bf0243cc114d9d7f05273fda01d39496f8eb286

          SHA256

          f1c11aed500c6a9ef9be7b391dc6ed4edb5b2c6deafe1ea9ab205f800fd10006

          SHA512

          4877a51b6e085e66790174836cd920542e9935890e522e7aaaefe87c5be1f39ae47157e12785fd10d81dbc36a520b0a8be8171adb01c6e336d0407ab1d856640