Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/08/2024, 21:20

General

  • Target

    55628dccdbd961125c79bc3f069dc6b91d715338940d7217c702cb4538b9e2bd.exe

  • Size

    2.7MB

  • MD5

    9889752999dedd0298e11d955e2130a1

  • SHA1

    b8c1fb050ddb391a4eae7943954ffbc23f28a547

  • SHA256

    55628dccdbd961125c79bc3f069dc6b91d715338940d7217c702cb4538b9e2bd

  • SHA512

    6dbafd1f14a9139b63156975654a4f165d31e7132a51270c2faeefbc256e792f1cb69686f9deeefe42559c2ae1deabaf250b2384d437b3dbdd9eded777c13c69

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBJ9w4Sx:+R0pI/IQlUoMPdmpSpd4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55628dccdbd961125c79bc3f069dc6b91d715338940d7217c702cb4538b9e2bd.exe
    "C:\Users\Admin\AppData\Local\Temp\55628dccdbd961125c79bc3f069dc6b91d715338940d7217c702cb4538b9e2bd.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\FilesGP\devbodsys.exe
      C:\FilesGP\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2804

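The process tree above shows the sample (PID 2864) writing C:\FilesGP\devbodsys.exe and then launching it (PID 2804), which is what the "Executes dropped EXE" and "Adds Run key to start application" signatures fire on. The following is an added example, not code from the sandbox or the report, of the detection logic behind those two signatures, run over constructed Sysmon-style events. The paths and PIDs are the report's; the parent PID of the sample, the event order, the Run key value name, the registry hive path and the benign notepad.exe process are constructed assumptions.

```python
"""Detection logic for the "Executes dropped EXE" and "Adds Run key to start
application" signatures, run over constructed Sysmon-style events.
Added example; not part of the sandbox report."""
import re

# Paths and PIDs are taken from the report's process tree and Downloads list.
# ASSUMED: the sample's parent PID (1188), the Run key value name, the user
# SID in the hive path, the event order and the benign notepad.exe process.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\55628dccdbd961125c79bc3f069dc6b91d715338940d7217c702cb4538b9e2bd.exe")
DROPPED_EXE = r"C:\FilesGP\devbodsys.exe"
DROPPED_EXE2 = r"C:\LabZNB\bodxloc.exe"
RUN_KEY = (r"HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows"
           r"\CurrentVersion\Run\devbodsys")  # assumed value name and SID

# Constructed events. id 1 = ProcessCreate, 11 = FileCreate,
# 13 = RegistryValueSet (Sysmon event IDs).
EVENTS = [
    {"id": 1,  "pid": 2864, "ppid": 1188, "image": SAMPLE},
    {"id": 11, "pid": 2864, "target": DROPPED_EXE},
    {"id": 11, "pid": 2864, "target": DROPPED_EXE2},
    {"id": 13, "pid": 2864, "target": RUN_KEY, "details": DROPPED_EXE},
    {"id": 1,  "pid": 2804, "ppid": 2864, "image": DROPPED_EXE},
    {"id": 1,  "pid": 3120, "ppid": 1188, "image": r"C:\Windows\System32\notepad.exe"},
]

# Matches HKLM/HKU ...\CurrentVersion\Run\<value> and RunOnce\<value>.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def _norm(path):
    """Case-fold and strip surrounding quotes so paths compare reliably."""
    return path.strip().strip('"').lower()


def detect(events):
    """Stream events in order and return findings in the order they fire.

    A file is "dropped" once a FileCreate for it has been seen; a later
    ProcessCreate of that path is flagged, and a Run value whose data
    references a dropped path is flagged as persistence for dropped code.
    """
    dropped = {}   # normalised path -> pid of the process that created it
    findings = []
    for ev in events:
        if ev["id"] == 11:
            dropped[_norm(ev["target"])] = ev["pid"]
        elif ev["id"] == 1:
            image = _norm(ev["image"])
            if image in dropped:
                findings.append({
                    "sig": "Executes dropped EXE", "pid": ev["pid"],
                    "image": ev["image"], "dropper_pid": dropped[image]})
        elif ev["id"] == 13 and RUN_KEY_RE.search(ev["target"]):
            data = _norm(ev["details"])
            # Run data may carry arguments or quotes, so test containment.
            ref = next((p for p in dropped if p in data), None)
            findings.append({
                "sig": "Adds Run key to start application", "pid": ev["pid"],
                "key": ev["target"], "data": ev["details"],
                "points_to_dropped_file": ref is not None})
    return findings


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

The rule deliberately keys on the order of events: a process start for a path that was never seen being written is not reported as a dropped executable, which is what keeps normal program launches out of the results while still catching the FilesGP path in this tree.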
Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZNB\bodxloc.exe

    Filesize

    2.7MB

    MD5

    e0b0b96c87824575faf08064af74ae2a

    SHA1

    ce73c587cfd4113fd158fdc8b75d6f952e6f9f19

    SHA256

    5eb296f0a0d4cc71d37915e1fb62b18f72b7f2064e64f0fdd3a8c58589a9dffa

    SHA512

    90abe42d0740a57bc089fa19df435f02fcfe182d71ea03c8968cf87f1f1b7d4e07cb7a429793a09b4c09c70a6ce2e441a0645356fd0dc29ad6ab335dc92a3e5b

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    203B

    MD5

    6ea8be1bce5a0bc4c8d66386ae1e3179

    SHA1

    5f8506d2fa0ea144d136085303551213fb5c9b6c

    SHA256

    369d3810e0553f08cbd95b4b6af06fbee500b332f0e4c383313a5371c7b6812e

    SHA512

    455ffaecef8aa6d596c4f8a644f1dccd533a3bcd21b9d8aaef5620a78fa785e279b26d80d29f9a389831d5fa91fa276a1d2a53767623183e2ac013fc98576d3f

  • \FilesGP\devbodsys.exe

    Filesize

    2.7MB

    MD5

    5e98e4b00b2a5d10b1aa2c1faf4bcbe5

    SHA1

    8ad63e0b696e7f9bfeb2a2fca83d2ccdebcd8c69

    SHA256

    40e8e49385639e72a839dfbb772afad22f376e823c75321bdde07c4fc47f9f60

    SHA512

    22a601d405a66d30186029a8d8e1d5429ef88819f0b54b1bc1c38306f381c11aa2d6bb5bb42ad78a82586f4283fa4e7dcfe8a3b0554d5add8278f6b540785c34
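
The Downloads list above is the set of file indicators a responder would sweep a host for. The following is an added example, not code from the sandbox or the report, that parses that list in the report's own layout into indicator records and checks files against them, by content hash first and by file name as a weaker fallback. The embedded report text is copied from the entries above (SHA512 lines omitted); `probe.bin` and the empty probe content in the usage are constructed, and `scan_dir` is a helper added here for walking a directory.

```python
"""Parse the report's Downloads entries into IoC records and match files
against them by hash, falling back to file name.
Added example; not part of the sandbox report."""
import hashlib
import os

# The three Downloads entries, copied from the report in its own layout
# (SHA512 lines omitted for brevity; the parser accepts them if present).
REPORT_DOWNLOADS = r"""
  • C:\LabZNB\bodxloc.exe
    Filesize
    2.7MB
    MD5
    e0b0b96c87824575faf08064af74ae2a
    SHA1
    ce73c587cfd4113fd158fdc8b75d6f952e6f9f19
    SHA256
    5eb296f0a0d4cc71d37915e1fb62b18f72b7f2064e64f0fdd3a8c58589a9dffa
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize
    203B
    MD5
    6ea8be1bce5a0bc4c8d66386ae1e3179
    SHA1
    5f8506d2fa0ea144d136085303551213fb5c9b6c
    SHA256
    369d3810e0553f08cbd95b4b6af06fbee500b332f0e4c383313a5371c7b6812e
  • \FilesGP\devbodsys.exe
    Filesize
    2.7MB
    MD5
    5e98e4b00b2a5d10b1aa2c1faf4bcbe5
    SHA1
    8ad63e0b696e7f9bfeb2a2fca83d2ccdebcd8c69
    SHA256
    40e8e49385639e72a839dfbb772afad22f376e823c75321bdde07c4fc47f9f60
"""

LABELS = {"filesize", "md5", "sha1", "sha256", "sha512"}
ALGOS = ("md5", "sha1", "sha256")


def parse_downloads(text):
    """Each '•' line opens a record; a label line takes the next non-empty
    line as its value. Digests are lower-cased for comparison."""
    records, current = [], None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if line.startswith("•"):
            current = {"path": line[1:].strip()}
            records.append(current)
        elif current is not None and line.lower() in LABELS:
            value = next((v for v in lines[i + 1:] if v), "")
            key = line.lower()
            current[key] = value if key == "filesize" else value.lower()
    return records


def hash_bytes(data):
    return {n: hashlib.new(n, data).hexdigest() for n in ALGOS}


def hash_file(path, chunk=1 << 20):
    """Hash a file in chunks so large droppers do not need to fit in memory."""
    hs = {n: hashlib.new(n) for n in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {n: h.hexdigest() for n, h in hs.items()}


def _basename(path):
    return os.path.basename(path.replace("\\", "/")).lower()


def match(path, digests, records):
    """Return ("hash", record) on a digest match, ("name", record) when only
    the file name matches a dropped file, or None."""
    for rec in records:
        for algo in ("sha256", "sha1", "md5"):   # strongest digest first
            if algo in rec and digests.get(algo) == rec[algo]:
                return ("hash", rec)
    name = _basename(path)
    for rec in records:
        if _basename(rec["path"]) == name:
            return ("name", rec)   # weaker: same name, different content
    return None


def scan_dir(root, records):
    """Walk a directory tree and return (path, kind, indicator path) hits."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            try:
                m = match(p, hash_file(p), records)
            except OSError:
                continue
            if m:
                hits.append((p, m[0], m[1]["path"]))
    return hits


if __name__ == "__main__":
    recs = parse_downloads(REPORT_DOWNLOADS)
    print(match(r"C:\FilesGP\devbodsys.exe", hash_bytes(b""), recs))
```

A name-only hit is reported separately from a hash hit on purpose: the dropped executables here all carry generic names under non-standard top-level directories, so a same-named file with a different digest is worth a look but is not proof the host ran this sample.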