Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64  arch:x86  image:win7-20240705-en  locale:en-us  os:windows7-x64  system
  • submitted
    11/08/2024, 19:03

General

  • Target

    17f66d2bd2f676bc0da16aada4659149571350a300ee3fdd777e7f106b4a722d.exe

  • Size

    2.7MB

  • MD5

    5ef4217f234e9736d2af316243f16154

  • SHA1

    01c4814db79a4394d12941e5051e417e280269b8

  • SHA256

    17f66d2bd2f676bc0da16aada4659149571350a300ee3fdd777e7f106b4a722d

  • SHA512

    3469ce9b48108637ee1887f974a14442feeba933970cbc22a74c1bd28dc4f089c4f69bcab43744049b026b64d013b42443d97a93d3b8838963f2eeef629a8558

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBB9w4Sx:+R0pI/IQlUoMPdmpSpx4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17f66d2bd2f676bc0da16aada4659149571350a300ee3fdd777e7f106b4a722d.exe
    "C:\Users\Admin\AppData\Local\Temp\17f66d2bd2f676bc0da16aada4659149571350a300ee3fdd777e7f106b4a722d.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\FilesDY\xbodloc.exe
      C:\FilesDY\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2204
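The process section above shows the chain worth alerting on: the submitted sample running from the user's Temp directory (PID 2056) spawns a dropped executable from a freshly created top-level directory, C:\FilesDY\xbodloc.exe (PID 2204). The script below, an added example that is not part of this sandbox report, rebuilds the parent/child tree from process-creation events and flags exactly that pattern. The JSON event records are constructed to mirror the report (a benign notepad.exe event is added as a control), and the field names (ProcessId, ParentProcessId, Image, ParentImage) follow Sysmon Event ID 1 conventions as an assumption; they are not the sandbox's own log format.

```python
r"""Rebuild the parent/child tree from process-creation events and flag the
chain this report shows: the sample running from the user's Temp folder
(PID 2056) spawning a dropped executable from a new top-level directory
(C:\FilesDY\xbodloc.exe, PID 2204).

Added example; not part of the sandbox report. The events below are
constructed from the report's Processes section (plus one benign control);
the Sysmon-style field names are an assumption, not the sandbox's format.
"""
import json
import re
from typing import Dict, List

SAMPLE_PATH = (r"C:\Users\Admin\AppData\Local\Temp"
               r"\17f66d2bd2f676bc0da16aada4659149571350a300ee3fdd777e7f106b4a722d.exe")

# Constructed events (PIDs and image paths taken from the report).
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"ProcessId": 2056, "ParentProcessId": 1000,
     "Image": SAMPLE_PATH, "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 2204, "ParentProcessId": 2056,
     "Image": r"C:\FilesDY\xbodloc.exe", "ParentImage": SAMPLE_PATH},
    {"ProcessId": 3100, "ParentProcessId": 1000,  # control: benign child
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
])

USER_TEMP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)

# Top-level directories under which installed software normally lives.
STANDARD_ROOTS = {"windows", "program files", "program files (x86)",
                  "programdata", "users"}


def is_user_temp(image: str) -> bool:
    r"""True if the image lives under C:\Users\<name>\AppData\Local\Temp."""
    return USER_TEMP_RE.match(image) is not None


def is_nonstandard_root(image: str) -> bool:
    r"""True for images sitting under a drive-root directory that is not a
    standard Windows location, e.g. C:\FilesDY\xbodloc.exe."""
    parts = image.split("\\")
    if len(parts) < 3 or not re.fullmatch(r"[A-Za-z]:", parts[0]):
        return False
    return parts[1].lower() not in STANDARD_ROOTS


def parse_events(text: str) -> List[Dict]:
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_temp_to_dropped(events: List[Dict]) -> List[Dict]:
    """Return children whose parent runs from user Temp and whose own image
    sits under a non-standard drive-root directory."""
    by_pid = {e["ProcessId"]: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e["ParentProcessId"])
        # Fall back to the event's own ParentImage when the parent's creation
        # event is outside the window being examined.
        parent_image = parent["Image"] if parent else e.get("ParentImage", "")
        if is_user_temp(parent_image) and is_nonstandard_root(e["Image"]):
            findings.append({"pid": e["ProcessId"], "image": e["Image"],
                             "parent_pid": e["ParentProcessId"],
                             "parent_image": parent_image})
    return findings


if __name__ == "__main__":
    for f in find_temp_to_dropped(parse_events(SAMPLE_EVENTS)):
        print(f"PID {f['pid']} {f['image']} <- PID {f['parent_pid']} {f['parent_image']}")
```

Run against the constructed events it reports only PID 2204; the notepad.exe control is ignored because its image lives under C:\Windows. The root-directory check is deliberately broad (any non-standard top-level directory), so on a real host tune STANDARD_ROOTS to the software actually installed there.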

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\KaVBNX\dobaloc.exe

          Filesize

          28KB

          MD5

          c8923eb6d55ae59a2d91ecce1706dd72

          SHA1

          7b64709b1ee3cace250ea9a3a59e338b8cc1bc49

          SHA256

          6a6f2712427e99ceede982fd03ae1a1a1ab93ae8c749862d691e4fcf9d7f5a59

          SHA512

          3266bf3c9bfd253f8e8f635c018170b26e68bc71ed54714d20499835f2b6d27f07a1d8b13af9f6c0f0dbb0dc58b4c811ed7a2e5556d5434e75ad2dd2a067158c

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          200B

          MD5

          9880ef2f964f20952b3a39f7840a295b

          SHA1

          dfd9cb828c672a2c786857a3582fb0f8755e2144

          SHA256

          b1a06f7b6349a119d7000ea77e265bf5a2d9b760adda2f3e7fd501a9859340d8

          SHA512

          269f2288defd35a6b2be3462f663d26872bf51a25abaa6f933bb2552ff21e424055559ed39716635e778cc057d2db1ab0665ef72410b5099fb7d0efec8a02f24

        • \FilesDY\xbodloc.exe

          Filesize

          2.7MB

          MD5

          153f2f3b560fc3c49169bf66ef3f89b9

          SHA1

          753a06dde21eec55d5f122b9f552cb094f72f29c

          SHA256

          27f3bde2bb6d8ec06f2b1a6d2c75593936a38c4bef900f625669e0ba87f89959

          SHA512

          7e6f0001495f653019b6d53bd2986af42e05cf93cceab145c08dddfd44f221dd559e8b31568281d61f3b1ce9d21b8f4e33592fdb257f6dc9f1e9727e9a6b7a2e
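The hashes above are the indicators an analyst would sweep other hosts for. The script below is an added example, not part of this sandbox report: it embeds the paths and digests listed in the General and Downloads sections and classifies files as a hash match, a name-only match, or no match. The name fallback is there because the dropped xbodloc.exe is reported at the same size as the submitted sample but with different hashes, so a copy dropped on another host may not hash-match; treating a name hit as a weaker lead is an assumption of this example. The matching logic, the directory walk and the test inputs are likewise mine, not the sandbox's.

```python
r"""Offline sweep for the files this report lists as dropped: match first on
the reported digests, then fall back to the reported file names.

Added example; not part of the sandbox report. Paths and digests are copied
from the report; the matching logic, walk and test inputs are assumptions.
"""
import hashlib
import ntpath
import os
from typing import Dict, Iterator, Optional

# Indicators as listed in the report: reported path -> expected digests.
IOCS: Dict[str, Dict[str, str]] = {
    r"C:\Users\Admin\AppData\Local\Temp"
    r"\17f66d2bd2f676bc0da16aada4659149571350a300ee3fdd777e7f106b4a722d.exe": {
        "md5": "5ef4217f234e9736d2af316243f16154",
        "sha1": "01c4814db79a4394d12941e5051e417e280269b8",
        "sha256": "17f66d2bd2f676bc0da16aada4659149571350a300ee3fdd777e7f106b4a722d",
    },
    r"C:\KaVBNX\dobaloc.exe": {
        "md5": "c8923eb6d55ae59a2d91ecce1706dd72",
        "sha1": "7b64709b1ee3cace250ea9a3a59e338b8cc1bc49",
        "sha256": "6a6f2712427e99ceede982fd03ae1a1a1ab93ae8c749862d691e4fcf9d7f5a59",
    },
    r"C:\Users\Admin\253086396416_6.1_Admin.ini": {
        "md5": "9880ef2f964f20952b3a39f7840a295b",
        "sha1": "dfd9cb828c672a2c786857a3582fb0f8755e2144",
        "sha256": "b1a06f7b6349a119d7000ea77e265bf5a2d9b760adda2f3e7fd501a9859340d8",
    },
    r"C:\FilesDY\xbodloc.exe": {
        "md5": "153f2f3b560fc3c49169bf66ef3f89b9",
        "sha1": "753a06dde21eec55d5f122b9f552cb094f72f29c",
        "sha256": "27f3bde2bb6d8ec06f2b1a6d2c75593936a38c4bef900f625669e0ba87f89959",
    },
}


def hashes_of(data: bytes) -> Dict[str, str]:
    """Compute the digests the report publishes for a blob."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def match_hashes(data: bytes) -> Optional[str]:
    """Return the reported path whose digests all match the data, else None."""
    digests = hashes_of(data)
    for ioc_path, expected in IOCS.items():
        if all(digests[alg] == value for alg, value in expected.items()):
            return ioc_path
    return None


def match_name(host_path: str) -> Optional[str]:
    """Weaker indicator: the file name matches a reported dropped file.
    ntpath.basename splits on both backslash and slash, so host paths
    from either platform work."""
    name = ntpath.basename(host_path).lower()
    for ioc_path in IOCS:
        if ntpath.basename(ioc_path).lower() == name:
            return ioc_path
    return None


def classify(host_path: str, data: bytes) -> Optional[Dict[str, str]]:
    """Classify one file as a hash match, a name-only match, or no match."""
    hit = match_hashes(data)
    if hit is not None:
        return {"kind": "hash", "ioc": hit, "path": host_path}
    hit = match_name(host_path)
    if hit is not None:
        return {"kind": "name", "ioc": hit, "path": host_path}
    return None


def sweep(root: str, max_size: int = 64 * 1024 * 1024) -> Iterator[Dict[str, str]]:
    """Walk a directory tree and yield findings. Files above max_size are
    read only when their name already matches, to keep the sweep cheap."""
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            try:
                if os.path.getsize(full) > max_size and match_name(full) is None:
                    continue
                with open(full, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or vanished file; skip it
            finding = classify(full, data)
            if finding is not None:
                yield finding


if __name__ == "__main__":
    import sys
    for f in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f['kind']:4} {f['path']}  ({f['ioc']})")
```

A hash hit is conclusive for the exact artifacts in this report; a name hit only says a file called dobaloc.exe or xbodloc.exe exists and should be pulled for analysis. The numeric prefix of the .ini name is taken verbatim from the report and may not be constant across hosts, so expect that entry to match by hash only.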