Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-08-2024 00:37

General

  • Target

    367cd5e1dcd550b3ad10dfacedf81dd0N.exe

  • Size

    2.7MB

  • MD5

    367cd5e1dcd550b3ad10dfacedf81dd0

  • SHA1

    3d95dd5fe93bd670b8291f260f049c905acb7085

  • SHA256

    728574a66c80f43fb9c2f54ae8fb6285d133e6b00aece7605d703aeb84e0f7bb

  • SHA512

    72337fd83452afadb206ab984ee302fb8d47e012c16719205bc80f4e2a02736a726cb6a95469acdb0bffeeab40fabd6db4e7d75e9eb7f4b44c7b3fc6385f2826

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB+9w4Sx:+R0pI/IQlUoMPdmpSpo4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\367cd5e1dcd550b3ad10dfacedf81dd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\367cd5e1dcd550b3ad10dfacedf81dd0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\UserDot4F\xdobloc.exe
      C:\UserDot4F\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2304

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVBHI\boddevec.exe

    Filesize

    2.7MB

    MD5

    eb4799d45990042e16514f719e23a2e0

    SHA1

    6968c188d9b8c45a0ccaca418d16fcdf9ff592b5

    SHA256

    72a32e9d3f291ba27edf281eaac580ecaa60c23e55b911f423659adc3075b0f4

    SHA512

    d8e89529dd7b8ea4fc4be1f519368ec59f3ce54f31d440b18ab76aab1495c3aa9f5475ef4f069d193050287ccd58d2bf22fcc330ca7919c62da896e776ec6507

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    202B

    MD5

    8e51b4048f0ed612916ae7c967e07ee2

    SHA1

    39acfd3b833ad06753fabf25346905370ac16571

    SHA256

    43a100bb9089136e5bbf0d1ae1fe51fcda0ea690bf6c37131486b8dbd88366e9

    SHA512

    17aa330f569b3aa6acae97fe326e42fbcf23d206f7d660f175598e1a6aa14c6bd0739993c59909435ba41f6a4587de875eac662614b3dae54bb1bbde164fade0

  • \UserDot4F\xdobloc.exe

    Filesize

    2.7MB

    MD5

    4f076dc57c032f5757e249e2dc8732c0

    SHA1

    a697238567072b5e0dfc6573da377c34419f4128

    SHA256

    7a840eaafbc7fd1660c57abb9d17cd77bd0eda7bfe00b978bd43a50d9cc86972

    SHA512

    0bac53d71be2b7819f66d2e6701475f88063e129015f9279f55514e223900416e6659e40b6dcd0f5630a86b1cafd592ff5b5879c07d4a89c5bba566d8494c57e