Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-08-2024 05:49

General

  • Target

    e1d962bac1e378c1b5b6cf5f0a9a30db9aef7e9c9cdcaf68517dc95956cea3bc.exe

  • Size

    2.7MB

  • MD5

    b095dfb984e74a663d09c6635db4e742

  • SHA1

    7fb6e94ab9cb84c31aed72c0a7c1b5bde365375c

  • SHA256

    e1d962bac1e378c1b5b6cf5f0a9a30db9aef7e9c9cdcaf68517dc95956cea3bc

  • SHA512

    ebd01f8a3b070e933dc59da414b6050d6f6f80b66f5a1888f9f41873862849e726381d8ce5bc308589f14302f4f3ee4337c608a131361891555409e783cde288

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4Sx:+R0pI/IQlUoMPdmpSpL4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1d962bac1e378c1b5b6cf5f0a9a30db9aef7e9c9cdcaf68517dc95956cea3bc.exe
    "C:\Users\Admin\AppData\Local\Temp\e1d962bac1e378c1b5b6cf5f0a9a30db9aef7e9c9cdcaf68517dc95956cea3bc.exe"
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\UserDotKP\devbodec.exe
      C:\UserDotKP\devbodec.exe
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1784

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Mint6K\dobxloc.exe

    Filesize

    2.7MB

    MD5

    50f11c160f98a90bd7b1fe5ded9f9e47

    SHA1

    e1a92de6816277f760d72f919cefd793cb9f2bcf

    SHA256

    f4fb5c2b30ef27fb49d5cde42ecb2d01355271211cff314ebdf9a3560828921a

    SHA512

    35f75b21a4022bf0fe3236f3219347dc8ac27a08ce52232c4b34e896eb1395095273584f7ae95ceaefc2224374de80f81b6c393e3949c3d1e931daa7fed83936

  • C:\UserDotKP\devbodec.exe

    Filesize

    2.7MB

    MD5

    8405eb0572e2218265ce02e26e3ff812

    SHA1

    cdd87b839f10ff58eac32fd79a85ffc91f7248b2

    SHA256

    2bbe1a247fd8c19542eafce82ddb851bc13ada4438e947d534453ececb020d33

    SHA512

    1a17b87b86463bfa4612a74d6be9ab922249406effcb55a46d50753199ec46f0b05bc24eba9811706102ad35c3cd7226e9b8586c48f83da2bb3c325429474d01

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    205B

    MD5

    e5d1622034af8885317525d5194ca48b

    SHA1

    a7e8c4bca147b7568939e45747526e360b2c0a6c

    SHA256

    76691e4aae98f43bb9331834dbd898a9969a1df7743aae1675c8e7052e9f21fd

    SHA512

    4692e8e3c788fe38cfa4e88697c9abbb6d637f13f5dce3d67896c740b1f1033d0be9fa186525d4620123c47fe473ae70d95ae1110a1b9f237fdf9c69839f7afe