Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/08/2024, 18:40

General

  • Target

    80bc1bdb85eddc713f40ebe02d6774f0N.exe

  • Size

    3.1MB

  • MD5

    80bc1bdb85eddc713f40ebe02d6774f0

  • SHA1

    8e97913c885f8538eee190c5ad3ccb794919bd13

  • SHA256

    c11498395a1c2fc98ddbbc2edf5b2f7c4970e87cf1fc287689bdc585a1e18e30

  • SHA512

    76c5488d701aed671bafcf6d3810e835732ac8dc13b0d99ff87114e59158442c6e240872e9e4ab36f2668663d40c1cf43a47c2e7e11ca93ec6e8ad6e73d16d89

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBO9w4Su+LNfej:+R0pI/IQlUoMPdmpSpY4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\80bc1bdb85eddc713f40ebe02d6774f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\80bc1bdb85eddc713f40ebe02d6774f0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\AdobeE0\devdobec.exe
      C:\AdobeE0\devdobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2412

Network

        Downloads

        • C:\AdobeE0\devdobec.exe

          Filesize

          3.1MB

          MD5

          0bc7ddaa80ca130ea095cbbc0f3d643c

          SHA1

          24471c263e82b811dedaa02aad05958095f0727b

          SHA256

          abf364a8ca94f694b3c72e5263d958e95eb1d7caf8915aa464b3d5df75eea980

          SHA512

          fe36d86067c843f61f92194b0df2788312eeae184c562bdb51de7f75c05641172853fa47bfe3d852e16fae3b0d74dd5aa81ac1ab056d1092dbffb333c56dbcb6

        • C:\KaVBER\dobdevloc.exe

          Filesize

          3.1MB

          MD5

          50ae5eec911275e12d529c22b81cac1f

          SHA1

          149f1767c6b99d392198881f812cd7ad31fced8c

          SHA256

          2ab75295885d66ef28011df7799d473f1617a57fdd09cc8944a37060cafc132d

          SHA512

          85e156ab5d9d9c1b3f731affe720fc13341b63830cf2778aeebd9a31724be0630fa0c7fbc82bb05a74c3555266a11cdd9c5f48de394bcf332991316bd00b2216

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          203B

          MD5

          4128394c9159e9589da204b31ed22ce1

          SHA1

          9e63c9ee418813983a44d380c192eecaddb0b3f7

          SHA256

          0bf8151e65f0c44589593a05f67f24121242f4c4742e187b898a484cb2add491

          SHA512

          7098b1820d25b9428412c861602a3b757bbf5857b8f1f0c8ab654d8c6608aa967166eaafa113767dc4b586bcaa773c0240286ed6c9a041bd202b1dec6513266c