Analysis

  • max time kernel
    120s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240709-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    26/07/2024, 20:21

General

  • Target

    4ff152b1f2449bfe018b9f0a762b45d0N.exe

  • Size

    2.7MB

  • MD5

    4ff152b1f2449bfe018b9f0a762b45d0

  • SHA1

    a6fd6b4db18bb711340ca97468a0efb3573c568a

  • SHA256

    83ab207d8a119dab71404213b29db41eb27dd1a8b18390195cd4ba232bacaa5e

  • SHA512

    dd52c13e2b05868644f3d56e1c36a9f98d3e605bd852177b6a8fbed15f2d2e18500a962eea266360ec28093273d13dee87b41e2ccf5277f40139b410e1e0d9f1

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBf9w4Sx:+R0pI/IQlUoMPdmpSpH4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ff152b1f2449bfe018b9f0a762b45d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4ff152b1f2449bfe018b9f0a762b45d0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3820
    • C:\IntelprocH3\xbodsys.exe
      C:\IntelprocH3\xbodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:5064

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\IntelprocH3\xbodsys.exe

          Filesize

          2.7MB

          MD5

          5f1b0cc78872e24b41c874eed2309d0b

          SHA1

          6021804f53eb6bb868c1a93c7136db755118f581

          SHA256

          7b9aa48976b14747137cb68f9a6fd65021f9a4eaade5136440b23c85a1b17e53

          SHA512

          c5a1391b3118f5fe9a30140fdd084f2861d8e629d9f0c94e76bfeadc7646a24bd920970664feedea10db6690b2b02f7598eb6d802d3a8cc473bc050a27978dc8

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          205B

          MD5

          194858a8b2ea7edaed662dc463434c79

          SHA1

          63a12bc85060d1c8c0eaccca7de4f70993d5835a

          SHA256

          acc767274b11b4f7134c3ab6d4ac7ecd3c93220c6bf73c7676ca17f26bfd6fef

          SHA512

          cb623f196a58446a2032682ff886ce022c9ad92231905eaf722d75c20a9068fdad61947fcbb94439dee43d85273009c04eaa3142913fb4fe922934e2162f5cf0

        • C:\VidIQ\boddevloc.exe

          Filesize

          112KB

          MD5

          b4d7ef13b68b7fae05ecb6ebe76e559e

          SHA1

          e6e878eb20b03de2d4b4ccf1e140cd348eda2a18

          SHA256

          9921367aaf6772752dd46463eb052bf16e4cba6eeb0cad0841c8485b77061326

          SHA512

          0c95406adb3b1512cd19ec45b9e42c1f28c718b06d4bbc8dd97f00ac55fb7ca0b4e45d8b4f72079138ac33f3ac6f8a8a910974d3f53855a7a10293d55931c0c6
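The paths and hashes above are enough to hunt for this sample on other hosts. The following is an added example, not part of the sandbox report: it hashes files under the dropped directories and compares them with the report's SHA256 values, and on Windows it enumerates the HKCU/HKLM Run keys. The report records that a Run value was added but does not disclose its name or data, so the registry check flags any Run value whose command line references C:\IntelprocH3 or C:\VidIQ; that matching rule is an assumption, as are the default scan roots.

```python
"""IOC hunt for the sandbox run above (added example; not from the report).

Hashes and paths are copied from the report. The Run-key value name and data
were not disclosed, so the registry check matches on the dropped directories
instead (assumption).
"""
import hashlib
import os
import sys
from pathlib import Path

# Dropped-file IOCs from the report: SHA256 -> path observed in the sandbox.
DROPPED_FILES = {
    "7b9aa48976b14747137cb68f9a6fd65021f9a4eaade5136440b23c85a1b17e53": r"C:\IntelprocH3\xbodsys.exe",
    "9921367aaf6772752dd46463eb052bf16e4cba6eeb0cad0841c8485b77061326": r"C:\VidIQ\boddevloc.exe",
    "acc767274b11b4f7134c3ab6d4ac7ecd3c93220c6bf73c7676ca17f26bfd6fef": r"C:\Users\Admin\253086396416_10.0_Admin.ini",
}
# SHA256 of the submitted sample itself.
SAMPLE_SHA256 = "83ab207d8a119dab71404213b29db41eb27dd1a8b18390195cd4ba232bacaa5e"

# Directories the sample created. Assumption: a Run value pointing into either
# of them is treated as the persistence entry the report counts as 2 IoCs.
SUSPICIOUS_DIRS = ("c:\\intelproch3", "c:\\vidiq")


def sha256_file(path, chunk=1 << 20):
    """SHA256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify_hash(digest):
    """Return the report's label for a SHA256 digest, or None if it is unknown."""
    digest = digest.lower()
    if digest == SAMPLE_SHA256:
        return "initial sample 4ff152b1f2449bfe018b9f0a762b45d0N.exe"
    if digest in DROPPED_FILES:
        return "dropped file " + DROPPED_FILES[digest]
    return None


def scan_tree(root):
    """Hash every file under root; return [(path, label)] for files matching an IOC."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                label = classify_hash(sha256_file(p))
            except OSError:
                continue  # unreadable or vanished file; keep scanning
            if label:
                hits.append((p, label))
    return hits


def run_value_is_suspicious(value_data):
    """True if a Run value's command line references a directory the sample dropped into."""
    return any(d in value_data.lower() for d in SUSPICIOUS_DIRS)


def scan_run_keys():
    """Enumerate HKCU/HKLM ...\\CurrentVersion\\Run (Windows only); return suspicious values."""
    if sys.platform != "win32":
        return []
    import winreg
    hits = []
    subkey = r"Software\Microsoft\Windows\CurrentVersion\Run"
    hives = (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE))
    for hive_name, hive in hives:
        try:
            key = winreg.OpenKey(hive, subkey)
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, i)
                except OSError:
                    break  # no more values
                i += 1
                if isinstance(data, str) and run_value_is_suspicious(data):
                    hits.append((hive_name + "\\" + subkey, name, data))
    return hits


if __name__ == "__main__":
    # Default roots are the two dropped directories plus the user profile (assumption).
    roots = sys.argv[1:] or [r"C:\IntelprocH3", r"C:\VidIQ", str(Path.home())]
    for root in roots:
        for path, label in scan_tree(root):
            print(f"MATCH {path}: {label}")
    for key, name, data in scan_run_keys():
        print(f"RUN   {key}\\{name} = {data}")
```

Matching on SHA256 rather than on the file names is deliberate: the dropped paths are specific to this run and could change, while the hashes identify the exact payloads the sandbox recorded. Run the script with no arguments on a suspect host, or pass explicit directories to scan.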