Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-08-2024 20:54

General

  • Target

    04fe48f38727fb588a5cb8fba89349c0N.exe

  • Size

    2.7MB

  • MD5

    04fe48f38727fb588a5cb8fba89349c0

  • SHA1

    8c91506ed6ddb1be7144a836c54f98f5e019c890

  • SHA256

    7e01c717fe9d0df58009208351584c7575b8a70cd670e0ec15a09d403b87fceb

  • SHA512

    b64945119cce7ed518bc21635649da533882ef0964e0c882066201fd4c2808afe32cdc77e6ae00017848de3f9a064d9ba27fc73f3be35af98e3353be5b931d68

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBi9w4Sx:+R0pI/IQlUoMPdmpSpE4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04fe48f38727fb588a5cb8fba89349c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\04fe48f38727fb588a5cb8fba89349c0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4260
    • C:\FilesWT\abodec.exe
      C:\FilesWT\abodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesWT\abodec.exe

    Filesize

    2.7MB

    MD5

    8df5674145469720ada991ee4e7d5f3b

    SHA1

    31afab6f826cb6ac00ae3c084c4db39591ed2ca2

    SHA256

    5ff90854c3826bde4f6d65d35206996bff981966c245f8627e79de0744b1012f

    SHA512

    1efb68c3bec72c3255a660824263f4a9b93330096b05bf6c796ee0213aa1212af3e5c4a3c8586ef9c51eb1d14a1f43bde15651fcc8e3fd25ef4f05aceb999881

  • C:\GalaxE9\dobxloc.exe

    Filesize

    2.7MB

    MD5

    d75f38360e73bf3d7fa5edcacb2df38b

    SHA1

    79b94599afec79e939e76bd7fd4216a52a0533b4

    SHA256

    45fada7b1f839e1fce3b0503d9a624a563d42a6fc71a271115e85e853226483c

    SHA512

    37a4a9d57ae27fce13a19d4ea34434366373df64f5aefacdd6d7f88cc5867ffe86f0aa7c5c631f74ad5fbacf14c08096706aa096f38fbbedc01ec7b16c3f03f1

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    200B

    MD5

    dfd131614677b9614320a8951b2174dc

    SHA1

    7bd0e9a1569f5394f5f0f72f07f6a434253606db

    SHA256

    554690c726dc735512479e6c203e5b9212bc6cb461c9011f44328e93ddeaf5cc

    SHA512

    be1202b0ace586e553494225b75f659b779595f75b2ed87115cca5fe36c0db83e91f367539dea1c948daa18d32c7491582f8c6755c48761dbf6779c489739488