Analysis

  • max time kernel: 119s
  • max time network: 118s
  • platform: windows7_x64
  • resource: win7-20240705-en
  • resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted: 06/08/2024, 21:59

General

  • Target: 150cafcb48071abd1d1f06d890a3b650N.exe
  • Size: 2.7MB
  • MD5: 150cafcb48071abd1d1f06d890a3b650
  • SHA1: 4e45e62dc0537258cad375b160895c5194fbdcfb
  • SHA256: 487d1887468e42df7b8383012f99277fcbbcd2a88815080ccd22620b5fb54d96
  • SHA512: 76926e6dded63c486a3b57c1462b3343cc78d86bf609cb19c4723097fd7b1689584a99ad4cee771e961b311279486060ecfd7b0a08411ab7442269575274cc24
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBy9w4Sx:+R0pI/IQlUoMPdmpSp84

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\150cafcb48071abd1d1f06d890a3b650N.exe
    "C:\Users\Admin\AppData\Local\Temp\150cafcb48071abd1d1f06d890a3b650N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Adobe0T\devdobec.exe
      C:\Adobe0T\devdobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2740

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 201B
    MD5: 7aa0c8ffedfeb4d9393672dc95be6ee6
    SHA1: 6024ddd0a9cdee01e4cca0481fcca0ebae5d7427
    SHA256: aca56dae1a316ed47d3abd6ce3ab12af32e53baa203eeccac9cf2e73db1b30f9
    SHA512: a8e9cc033938d708d8f984819e5da7a513b1b0e821b88eef03c6c112457922cfeca4717f85ec9ee432dd9b2d40393afe137db970990bebb940fa6845e041f2a4

  • C:\VidBI\bodxsys.exe
    Filesize: 2.7MB
    MD5: 1b5a78887512a02a2c1489f605734068
    SHA1: 65859191dc5074e2155f32ec319576181c155f57
    SHA256: b813befbe55a2734cb4cffdcf27e26a41c41edc958683153c091b2c3c8bd309c
    SHA512: 1cecb4cd090376f392c5d2203a31500b625db06fd35b3a04ecf014c7ad4149c50aa837d6e74929408cbf08d0d5ab6e279d9edbd7eaa17d9b463e788576484a18

  • \Adobe0T\devdobec.exe
    Filesize: 2.7MB
    MD5: 6ad9365c6c13dabbd90f72602ca291b8
    SHA1: 7040a22f2b11d9cc940a950084e060442cc08810
    SHA256: 1a9541d27d1f06f4fc2fa08dbd9c63a222a3a8f4aa961884819101b8eedbd237
    SHA512: 85a5e30dc3ae28efc89bfd4695ec93e8d4d83fd9dbb8e76102fbad2c035cd3ab66bb00956c68d29eeed0b83784f43114bc282c8f3037defe1055d4d71aa05f44