Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/07/2024, 20:17 UTC

General

  • Target

    300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe

  • Size

    3.1MB

  • MD5

    e70e6e4a6b5e648cd1d602fff778c83a

  • SHA1

    fdcefcf2b24257b4f34df55b5d2c7db579432105

  • SHA256

    300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637

  • SHA512

    ac638bfa41a6dac78a441d35e32e8632a0f067b6b4d672a3764b6696ab53a4b3bcc916557ceaaf8ef6773c72aab83c16941776a050a01bdc3c5cd97c195ee5ec

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBU9w4Su+LNfej:+R0pI/IQlUoMPdmpSpy4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe
    "C:\Users\Admin\AppData\Local\Temp\300a8a0cfc4c3dd458a48746d2a123d21eaacd37d2a8293b13e0fabd0d12d637.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Intelproc2K\abodsys.exe
      C:\Intelproc2K\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2780

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVBQC\dobaloc.exe

    Filesize

    3.1MB

    MD5

    2bf9159686c59cc65617e49889e758b0

    SHA1

    72957e5e5c67feb54282eda7e8238f4e3ecbbfa7

    SHA256

    735defa5ac231777b86595ff446946ef2dc46c1cfe7d5438967d834ef1aac519

    SHA512

    4b4d6351fc28d11a689b7f8708a808de0edc41c44daec085611c04325d64cf4eb1d1aee5e0f9995293ec2105906512af86e7b3973156114480beb3c3dc7f52b9

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    204B

    MD5

    16f47cf026ddce14878efd4ca26309d9

    SHA1

    41b1acc028f0e69fe0d246d85097215f0f12254f

    SHA256

    4a98d1d42d0f61bd7bed147da8226eaa8836ab433a2efdee8cba429f79d91087

    SHA512

    ff31299281e4c030a88ad8ac965b40efc77438b60f0c6888bc4b24f6bf84b70c4933947981803d626eea0e08068b19432ca2b033276042a2ace208e5e302b2d4

  • \Intelproc2K\abodsys.exe

    Filesize

    3.1MB

    MD5

    b34a57e311831d89e5ebb3a0568cbbc1

    SHA1

    602c5e6d69b2c33a2edb338db13c0749ee7d8ee1

    SHA256

    2f8116fe96fe5f58f82e2f6421f62fa5d1018d4e7180dfa12e02e59479027b87

    SHA512

    a39cd66ace89fc7722cdc30226a9282f2bbd76b5f7e00c4d8d109986abc906cdf58f09af9fee53033632f9318d27e92faf7ea0a4c266ee4ac64b4b303c853edc
