Analysis
max time kernel: 150s
max time network: 121s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 26/07/2024, 20:17 UTC
Static task: static1
Behavioral task: behavioral1
  Sample: 300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe
  Resource: win10v2004-20240709-en
General
Target: 300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe
Size: 3.1MB
MD5: e70e6e4a6b5e648cd1d602fff778c83a
SHA1: fdcefcf2b24257b4f34df55b5d2c7db579432105
SHA256: 300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637
SHA512: ac638bfa41a6dac78a441d35e32e8632a0f067b6b4d672a3764b6696ab53a4b3bcc916557ceaaf8ef6773c72aab83c16941776a050a01bdc3c5cd97c195ee5ec
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBU9w4Su+LNfej:+R0pI/IQlUoMPdmpSpy4JkNfej
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 2780  abodsys.exe
Loads dropped DLL (1 IoC)
  pid 2204  300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str)  \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBQC\\dobaloc.exe"  by 300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Intelproc2K\\abodsys.exe"  by 300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe
System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  by 300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  by abodsys.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2204 wrote to memory of 2780  300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe  procid_target 31  (4 identical entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe  (PID 2204)
   command line: "C:\Users\Admin\AppData\Local\Temp\300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe"
   - Loads dropped DLL
   - Adds Run key to start application
   - System Location Discovery: System Language Discovery
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
2. C:\Intelproc2K\abodsys.exe  (PID 2780, child of PID 2204)
   command line: C:\Intelproc2K\abodsys.exe
   - Executes dropped EXE
   - System Location Discovery: System Language Discovery
   - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
  Filesize: 3.1MB
  MD5: 2bf9159686c59cc65617e49889e758b0
  SHA1: 72957e5e5c67feb54282eda7e8238f4e3ecbbfa7
  SHA256: 735defa5ac231777b86595ff446946ef2dc46c1cfe7d5438967d834ef1aac519
  SHA512: 4b4d6351fc28d11a689b7f8708a808de0edc41c44daec085611c04325d64cf4eb1d1aee5e0f9995293ec2105906512af86e7b3973156114480beb3c3dc7f52b9
File 2
  Filesize: 204B
  MD5: 16f47cf026ddce14878efd4ca26309d9
  SHA1: 41b1acc028f0e69fe0d246d85097215f0f12254f
  SHA256: 4a98d1d42d0f61bd7bed147da8226eaa8836ab433a2efdee8cba429f79d91087
  SHA512: ff31299281e4c030a88ad8ac965b40efc77438b60f0c6888bc4b24f6bf84b70c4933947981803d626eea0e08068b19432ca2b033276042a2ace208e5e302b2d4
File 3
  Filesize: 3.1MB
  MD5: b34a57e311831d89e5ebb3a0568cbbc1
  SHA1: 602c5e6d69b2c33a2edb338db13c0749ee7d8ee1
  SHA256: 2f8116fe96fe5f58f82e2f6421f62fa5d1018d4e7180dfa12e02e59479027b87
  SHA512: a39cd66ace89fc7722cdc30226a9282f2bbd76b5f7e00c4d8d109986abc906cdf58f09af9fee53033632f9318d27e92faf7ea0a4c266ee4ac64b4b303c853edc