Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-08-2024 08:27

General

  • Target

    915da6f90fed22edc808065361baf190N.exe

  • Size

    2.7MB

  • MD5

    915da6f90fed22edc808065361baf190

  • SHA1

    2cb24349bbfcaad89540800862a4951ac630ba6c

  • SHA256

    259eb1ee7cac872271bb6cf738e59374c77c7b9a417fcd3691f5f78ce11df052

  • SHA512

    7817fb9e388a776b6bd5663ea5c472e10d42100aac524d9af31acb4e54247fba6b1320f273bf4ebdc3ccb3e351e17b35e1d52dcf5fea5b87505171333e374545

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB59w4S+:+R0pI/IQlUoMPdmpSpB4X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\915da6f90fed22edc808065361baf190N.exe
    "C:\Users\Admin\AppData\Local\Temp\915da6f90fed22edc808065361baf190N.exe"
    1
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\SysDrv9N\xbodloc.exe
      C:\SysDrv9N\xbodloc.exe
      2
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1932

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZ13\bodxloc.exe

    Filesize

    2.7MB

    MD5

    7b020f773c75e7750924be665aa67a39

    SHA1

    eed573a6a5690da1300ac1e50a9790e1468c9603

    SHA256

    244745ca0fe54e06d3a7cc1be9247111d3122cae878743d7ac33677a9fdb59a6

    SHA512

    6ae03fc7738a2f56cf6cca3baada52b6a5df07f20c723c5ecd6e750a3ca200c4ed001a76113b9eb08918b17ac3ab21504f08e22f18244845585986b11589bd1d

  • C:\SysDrv9N\xbodloc.exe

    Filesize

    2.7MB

    MD5

    fb84a89d900d4f30adbb751e009d29de

    SHA1

    3171627d8adda8a71d6009ec9f1ed7c3c4a1a059

    SHA256

    eda8400b8e2f3db02904a75d062b355307c151b45402e46f4c71f1c999c5dd7b

    SHA512

    c93737340cee36d6a8ddb15721dd36b1b4c8d59c499b37d4ac8414fe9f9875b79ddb8a64443dd815e135fc2ca2730e0d939d65cdfbc7eb4365eb38ecf7ff9606

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    201B

    MD5

    18ca69282e5f4ada3de4f638f6b09b8b

    SHA1

    089418acac6fb2cecb332d46867432229699c4ab

    SHA256

    1a30f4f888b9b1ea82aca332be2525d343709233da655339e37bcf20766aab09

    SHA512

    29f433794cb8ab86e3c82e9e9781f20aa7cb9c53a538d1b9a13735a8730ef33fe6c4cde79aa0ae67ca9597cf61eb94d2cbedc25b426c7a734484d42b3ed0de43