Analysis

  • max time kernel
    119s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-08-2024 12:51

General

  • Target

    eec4289984c9bc0ebab6c2fcecf482a0N.exe

  • Size

    2.7MB

  • MD5

    eec4289984c9bc0ebab6c2fcecf482a0

  • SHA1

    122f6e27e4cd6713307807bba6ccc4b6ef395023

  • SHA256

    09dffc978af2e70f62549ef7662d74d460d5dd187c53c40dfd3e5c1098f7396c

  • SHA512

    9966442055563034e2faf6b09fe7803759540e4567233c4a807fd81c0256e3818825b35f3ef23b8e2a02252bf0046e056565b7fcd775520b6292d21c68f14c74

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBO9w4Sx:+R0pI/IQlUoMPdmpSpQ4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eec4289984c9bc0ebab6c2fcecf482a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\eec4289984c9bc0ebab6c2fcecf482a0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:412
    • C:\Intelproc3Q\xdobsys.exe
      C:\Intelproc3Q\xdobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2208

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Intelproc3Q\xdobsys.exe

    Filesize

    2.7MB

    MD5

    ef723a9c33039ad988210458c3189f80

    SHA1

    ea42a64a88bd0a71fce11a3a1047173f5a1c0014

    SHA256

    384a757fb667e66f4384be61a09f9c2e62c3e3a91e84201e9d1c76450aab77ac

    SHA512

    4a513a341a40cd63a3ddc224c86971e3157adb0e973bec5dc9888a73ad978adba9a61517162ca50215b95be9e5df014068df5010950fb894dc897e10b485cd4c

  • C:\MintTS\boddevec.exe

    Filesize

    256KB

    MD5

    fdae337994aa73d0c5469c41c2f7186f

    SHA1

    2872ff0e04cac273008a30043294741553e76dcd

    SHA256

    866402bdc87a7e0a5ba71a7f9dad51af115ba36ece63cc530a0b77ce5d93eb0b

    SHA512

    563d2b949f39bd8467bfbd0759a0cf4f344d3a654284ec120511865cd7fd8b7a73b8ff6910a7902200924a3144cdc7e0f4ba52460b3735f7a49a3a49ceeece35

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    206B

    MD5

    1c235a04cb8f36950818474eb6652638

    SHA1

    4ee9e12c974cf3b33d90b0302c607d246dfbb241

    SHA256

    d4d8b00329ef2e272852c5c14979dfd655d0c6f009a7b0b5217801fbf7bb5d48

    SHA512

    dd5850cd42e252b3186bf3d7377c3f6769c631607589d39dbbc5c249b02cc8b3d54647d8c539e0cc83575fbc45d32f687e5f244b123b7dedd3b6cfcc9f3cf8e1