Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/08/2024, 02:25

General

  • Target

    4c0875308b7fb43d8887a57959e660e0N.exe

  • Size

    2.7MB

  • MD5

    4c0875308b7fb43d8887a57959e660e0

  • SHA1

    c4e8ff2ce61342ad0b544f0f353ad5a6e9bf8688

  • SHA256

    b66392db0e9325f6c3949f6f69130607a313c6e538b68ed5f6732e07217033fc

  • SHA512

    88f5eb77c3949b24fdba58bee16afc7e0425a3e71227b4893c6bd89b9277577da74bb202d3411c3d35b61d2b7bc3145bf86f1dac7fe3a8ce3c14f6d5228534bd

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSpO4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c0875308b7fb43d8887a57959e660e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4c0875308b7fb43d8887a57959e660e0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1188
    • C:\FilesCF\devbodsys.exe
      C:\FilesCF\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2680

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\MintCB\boddevloc.exe

    Filesize

    2.7MB

    MD5

    031713d8301192bd85864909923a11fe

    SHA1

    ef191c451e653e5dfb3d3c706fd4321d9261a14d

    SHA256

    359b88b5d8c1cd3669c69dbb0414dfc53e0af76db763b91f93f06f83f438a124

    SHA512

    348943bf0931abbfebdcc65a34ef184ef7d1a453e71b09d55e8d2e4b79e1b5b2ca42b8f50f0ce11bc62559c3307caac52a16a27ee97c79bc229ee902cce55bda

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    205B

    MD5

    c660dc8e9568307528d35d5a44250513

    SHA1

    727c05ce62d6a9826e1c9fe0c58f6c386ccd6c4e

    SHA256

    8a12cc1cff438f938787adb041bb0ca0bcb657343360bc715f99c73c496d14ec

    SHA512

    68f67647c5b81b9d71f2e62741cf2eb20f2c84e54ac1e7f6652a2e1ce1ad4a4e30bc375aed01a165d0bebf2060c38e68f71cb02b9552930e6fa72243963d834f

  • \FilesCF\devbodsys.exe

    Filesize

    2.7MB

    MD5

    cc9c520c85530ec5b44b643d22306c76

    SHA1

    1e959a8fe87661c50323267b895a83916556b454

    SHA256

    ba7006f75a439ca0f239be344864b30a43baee03774d068ce1e19caa4c577911

    SHA512

    68145b88b55d674bd45e2c29e2bf78b103ba994726357ca5c2ba4df227b30f092f1f0bfffbaf53b32016c4f0bef8e736de31ec64cfce6c6eae041b4ea03db9ff