Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/07/2024, 06:28

General

  • Target

    90992663d1d194f25e879c369223cb30N.exe

  • Size

    2.7MB

  • MD5

    90992663d1d194f25e879c369223cb30

  • SHA1

    111d82fec071a2667d5fe1b68477b85b79bace1e

  • SHA256

    e47fa0f6034d90bb003484f7c39659298f839c80079844ae565cd7ecc15dd161

  • SHA512

    597678c84455d2d4020b453cac0479a6fc9508fb0eb5c8483540a2d01e1e5e9206d7098d2c696de99422192197a3a3cff273ae38ca58d50a2d9e58a749fa1a29

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBS9w4S+:+R0pI/IQlUoMPdmpSpk4X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90992663d1d194f25e879c369223cb30N.exe
    "C:\Users\Admin\AppData\Local\Temp\90992663d1d194f25e879c369223cb30N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\UserDotXI\abodsys.exe
      C:\UserDotXI\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2612

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\LabZUG\bodxec.exe
          Filesize: 2.7MB
          MD5: 06db38a6af9610881858b94a21bf31cf
          SHA1: 962722b3a683058a2d4b2c91efa46d1ba4dbbe49
          SHA256: 48bb4d20ecfa722834d249f7463d624f7bfca97295681b85849ab79e075556e6
          SHA512: b6268aecfb95885bccbbcf12c54342225c528489fa301dab784bc4f2d6d44a36373b84f5bfff7782270758881d47e022cd95e8420f3885636aa416c78d7f4369

        • C:\Users\Admin\253086396416_6.1_Admin.ini
          Filesize: 203B
          MD5: 9b5b426f029d468b7fd7271e4a25ab45
          SHA1: 6b0e15ce07127e57112f0be4a4281704aec7de28
          SHA256: 057c18bd97dae7dc0277aad2c8f14544dccdd82b6d0e2a2024b4a39991c0f5ff
          SHA512: 522a11d561eb1c4757e6b419fbe199caee9e5345fa91fe780f19503fb70e6a3929ca8eac2aa4f73297b4cdd20a5bd8ec2305bcc78e64f618ea242352fb98f530

        • \UserDotXI\abodsys.exe
          Filesize: 2.7MB
          MD5: bd2ada6882b0eb5d50678b56df4f3ac8
          SHA1: 706ea1689e823d7d23554f97a9ae9c08ff4279f1
          SHA256: 89d169181f3b2142268992d0308bd29828f18daea7c22c22b92b975c76f28970
          SHA512: 3f6ee02ab833de898b33bb41439aca38f0061dc7a0ffd50f079746efe7610ae605f79f7578f6e86a0de1df8df6f6f99ba934d6327b61d0668042c7fdc8f011e3