Analysis

  • max time kernel
    119s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/08/2024, 04:06

General

  • Target

    5fce7298dd85870649619dce66e86bb0N.exe

  • Size

    3.1MB

  • MD5

    5fce7298dd85870649619dce66e86bb0

  • SHA1

    f8a5b70601e6ada069e254fdbd3c707e2600de52

  • SHA256

    668efa99e2ad728a11e075bcfd90916df7929a5d64943ce7be32053e95b0f010

  • SHA512

    81f46ed495f0fc874be55df440f02a0b9953f77b5c98517351829dbd8afa7eb285be62f47877ca713d64f256e12079cbdc07ddbac812cee54e474c6f71de8a96

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBk9w4Su+LNfej:+R0pI/IQlUoMPdmpSpG4JkNfej

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5fce7298dd85870649619dce66e86bb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5fce7298dd85870649619dce66e86bb0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\SysDrvGI\xdobsys.exe
      C:\SysDrvGI\xdobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1656
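The "Executes dropped EXE" tag on PID 1656 is the sandbox correlating a file the submitted sample wrote (C:\SysDrvGI\xdobsys.exe) with a process that one of its children later ran from that path. The block below is an added example of that correlation over normalised file-write and process-create events; it is not part of this report or of the sandbox's own code. The event records, their field names, the missing parent PID of the submitted sample and the Program Files installer entries are constructed to mirror the process tree and Downloads list on this page, not captured telemetry.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed events modelled on the process tree above. The field names form
# an assumed normalised schema, not any real sensor's format. PID 2732 (the
# submitted sample) writes C:\SysDrvGI\xdobsys.exe and then spawns it as
# PID 1656; the Program Files entries are assumed benign installer noise.
EVENTS = [
    {"kind": "process", "pid": 2732, "ppid": None,  # parent of the sample unknown; assumed
     "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\5fce7298dd85870649619dce66e86bb0N.exe"},
    {"kind": "file", "pid": 2732, "path": "C:\\Users\\Admin\\253086396416_10.0_Admin.ini"},
    {"kind": "file", "pid": 2732, "path": "C:\\SysDrvGI\\xdobsys.exe"},
    {"kind": "file", "pid": 2732, "path": "C:\\VidG5\\boddevec.exe"},
    {"kind": "process", "pid": 1656, "ppid": 2732, "image": "C:\\SysDrvGI\\xdobsys.exe"},
    {"kind": "file", "pid": 900, "path": "C:\\Program Files\\Tool\\tool.exe"},
    {"kind": "process", "pid": 901, "ppid": 900, "image": "C:\\Program Files\\Tool\\tool.exe"},
]

# Locations where writing an executable and then launching it is expected
# (installers). Anything written-then-run from elsewhere is reported.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def _norm(p: str) -> str:
    """Case-fold and normalise separators so writes and launches compare equal."""
    return p.lower().replace("/", "\\")


def executes_dropped_exe(events) -> List[Tuple[int, int, str]]:
    """Return (writer_pid, child_pid, image) for every process whose image file
    was written earlier by one of its ancestors. Events must be chronological:
    a write that happens after the launch is not a drop and is not reported."""
    written_by: Dict[str, Set[int]] = defaultdict(set)   # image path -> writer PIDs
    parent_of: Dict[int, Optional[int]] = {}
    hits: List[Tuple[int, int, str]] = []
    for ev in events:
        if ev["kind"] == "file":
            written_by[_norm(ev["path"])].add(ev["pid"])
        elif ev["kind"] == "process":
            parent_of[ev["pid"]] = ev["ppid"]
            img = _norm(ev["image"])
            if img.startswith(TRUSTED_PREFIXES) or img not in written_by:
                continue
            # Walk up the ancestry chain looking for the process that wrote the image.
            anc, seen = ev["ppid"], set()
            while anc is not None and anc not in seen:
                seen.add(anc)
                if anc in written_by[img]:
                    hits.append((anc, ev["pid"], ev["image"]))
                    break
                anc = parent_of.get(anc)
    return hits


if __name__ == "__main__":
    for writer, child, image in executes_dropped_exe(EVENTS):
        print(f"PID {child} executes {image}, dropped by ancestor PID {writer}")
```

The ancestry walk rather than a direct parent check is deliberate: a dropper often launches a helper that in turn runs the payload, and the write and the launch then sit two levels apart. The trusted-prefix list is a coarse allowlist; in production it should be narrowed with signer checks rather than paths alone, since C:\Windows\Temp is writable by ordinary users.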

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\SysDrvGI\xdobsys.exe

    Filesize

    3.1MB

    MD5

    f5e6bce36fcbad996ad1c62c46b1bfd5

    SHA1

    281bf8c4e794aed2c77780daee4fd077b3248ede

    SHA256

    ef8782326bf14ae927f41c052c4398b0fc1ef834b9be95f97c8814829b497797

    SHA512

    e4de6160c9d6f753e9738c8e2fea99fdcb23c0eb9b28196425fc39ea9da8537d726781e973008d3806ee956e2c8a2acfeffc3aad3aebdd5a0438cbbda853d757

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    3f7a5fcc59d22c08b60c01a42a8bb5f8

    SHA1

    680c69ecd7d5d9510944c4f476671c440934a6cf

    SHA256

    32e1622d1e381f247a582d13bd197d6329732f256bd0c6399e83c8b199cb309b

    SHA512

    36ea7055974cb11b0ea3eac37cc7c9e58ed0e060ae4af0e63c0759b95f498b2226ecf94f06de650230d555097354bb99368e168a4354759e6eb43f2ff7e193fa

  • C:\VidG5\boddevec.exe

    Filesize

    3.0MB

    MD5

    b951c40f99bb847ac2b824361a667d46

    SHA1

    7fb5d7e4de9fc40b209739321a87611c73ed156b

    SHA256

    97c9ac97a72c82cc07e219c16a3447366d63cc64abc36499fc4ec3fd5ccd676b

    SHA512

    5b791f34561d941d964533b858cea3285feee47c9c2f94657573509ad02b366e84d76043728845c23d7524cd635e9e701ddae6fb5c7215091932eee14eab610f

  • C:\VidG5\boddevec.exe

    Filesize

    3.1MB

    MD5

    4b613555d4685ac24e1eb18796f5b124

    SHA1

    c8f3f897521aeafeff2b070ca48b42ed2e44ad0b

    SHA256

    789a5f3245eda967b1c096941380cb9ed8d5bd1c5b617e8be10b91d7cbfa45dc

    SHA512

    859393484c15877305d45d326260a733b0a3b89b8a871e83312e005ef042cffedb924cf6d1e5711559821d5daf36b6ec1c0f1be0b1a3a48421b63f8cfbabb9a8
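The hashes above are the only concrete identifiers the report gives for the dropped files, and note that C:\VidG5\boddevec.exe appears twice with different contents, so matching on path alone would miss one version. The block below is an added example, not part of the report or of the sandbox: a Python matcher that indexes the MD5, SHA1 and SHA256 values copied from the Downloads section and checks files against them by any single algorithm, reporting which algorithms agreed. The directory to scan is taken from the command line; the blobs used in the self-test are constructed data, not the real samples.

```python
import hashlib
import os
import sys
from typing import Dict, Iterable, List, Tuple

# Hash values copied from the Downloads section of the report. The two
# C:\VidG5\boddevec.exe records are different files written to the same path,
# so the index is keyed by hash, never by path.
REPORT_IOCS = [
    {"path": "C:\\SysDrvGI\\xdobsys.exe",
     "md5": "f5e6bce36fcbad996ad1c62c46b1bfd5",
     "sha1": "281bf8c4e794aed2c77780daee4fd077b3248ede",
     "sha256": "ef8782326bf14ae927f41c052c4398b0fc1ef834b9be95f97c8814829b497797"},
    {"path": "C:\\Users\\Admin\\253086396416_10.0_Admin.ini",
     "md5": "3f7a5fcc59d22c08b60c01a42a8bb5f8",
     "sha1": "680c69ecd7d5d9510944c4f476671c440934a6cf",
     "sha256": "32e1622d1e381f247a582d13bd197d6329732f256bd0c6399e83c8b199cb309b"},
    {"path": "C:\\VidG5\\boddevec.exe",
     "md5": "b951c40f99bb847ac2b824361a667d46",
     "sha1": "7fb5d7e4de9fc40b209739321a87611c73ed156b",
     "sha256": "97c9ac97a72c82cc07e219c16a3447366d63cc64abc36499fc4ec3fd5ccd676b"},
    {"path": "C:\\VidG5\\boddevec.exe",
     "md5": "4b613555d4685ac24e1eb18796f5b124",
     "sha1": "c8f3f897521aeafeff2b070ca48b42ed2e44ad0b",
     "sha256": "789a5f3245eda967b1c096941380cb9ed8d5bd1c5b617e8be10b91d7cbfa45dc"},
]

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists, for one blob."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def build_index(iocs) -> Dict[Tuple[str, str], dict]:
    """Index IoC records by (algorithm, hexdigest) so any one hash can match."""
    index: Dict[Tuple[str, str], dict] = {}
    for rec in iocs:
        for a in ALGOS:
            if a in rec:
                index[(a, rec[a].lower())] = rec
    return index


def match_blobs(blobs: Iterable[Tuple[str, bytes]], iocs=REPORT_IOCS) -> List[dict]:
    """Return one hit per blob whose digests match an IoC record. The hit
    lists which algorithms agreed, so a single-algorithm match (MD5 is not
    collision resistant) is distinguishable from a full match."""
    index = build_index(iocs)
    hits = []
    for name, data in blobs:
        d = digests(data)
        matched = {a: index[(a, d[a])] for a in ALGOS if (a, d[a]) in index}
        if matched:
            rec = next(iter(matched.values()))
            hits.append({"file": name, "ioc_path": rec["path"],
                         "algorithms": sorted(matched)})
    return hits


def iter_files(root: str):
    """Yield (path, contents) for every readable file under root."""
    for dirpath, _, files in os.walk(root):
        for f in files:
            p = os.path.join(dirpath, f)
            try:
                with open(p, "rb") as fh:
                    yield p, fh.read()
            except OSError:
                continue


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in match_blobs(iter_files(root)):
        print(hit)
```

The whole file is read into memory, which is fine for the 3 MB artifacts here; for large trees switch to chunked hashing. Exact-hash matching only catches these precise builds; the SSDEEP value in the General section is what you would use for near-match clustering, and it needs the ssdeep library, which this block deliberately avoids.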