Analysis

  • max time kernel
    119s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    19/08/2024, 09:44

General

  • Target

    db09af280b5b1abdeb6d4b1530b3e8b0N.exe

  • Size

    2.7MB

  • MD5

    db09af280b5b1abdeb6d4b1530b3e8b0

  • SHA1

    cbb5af45fa01802937d596a4b5b38f6735fe2687

  • SHA256

    48e89a93bd2353b4431ab71b221c8d99e5b39ef79dabd7d49855df270f7dba35

  • SHA512

    3103fbdf34ffdf339a4be59c4ded952381742db22538657d4b52bae6add1d1949af0ad6ff4c0cac5607f392d1e768f03126db842d7db2944ab98c0effe5b092c

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB09w4Sx:+R0pI/IQlUoMPdmpSpu4

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\db09af280b5b1abdeb6d4b1530b3e8b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\db09af280b5b1abdeb6d4b1530b3e8b0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4772
    • C:\SysDrvDV\xdobsys.exe
      C:\SysDrvDV\xdobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2716

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\SysDrvDV\xdobsys.exe

    Filesize

    2.7MB

    MD5

    19dc3652e81b205ba0ea6af545305563

    SHA1

    cfec254ed7e1afe2587999e1092a51829b11d7ed

    SHA256

    a1713e11ba16b74c95a44058f6a41afd2897e1b20eeec52bb9dcc31af98689b4

    SHA512

    eede3c0b955000e26607749d7e4c5a883e8bc96d6e2e846df84bc22716aac114f16ce923c0c5b670b2e597a35516a8d1724143568ee7717db451252d3cbbd1c0

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    200B

    MD5

    e8ddece560f3107c73ed880b005b69ca

    SHA1

    6334f662107d5d548edefb66e28b759112dbd881

    SHA256

    a39ebae793800cb6cf14a7e56a16a08fccb2866d9cfaf98f5343b3f28ec2b45b

    SHA512

    f228743b4ba228b0b07e785125c02b4eeaf9f99a95c41ba5e6099d257c3278edd657bfd6347f76a6d29de764576ca3665750ce681cf2e818cfeebbf303e0e54a

  • C:\VidF8\dobdevec.exe

    Filesize

    2.7MB

    MD5

    8023c40a6c32996eeba33fcf1186b6ff

    SHA1

    90b72f456ad1145156abd43e8c40bde74b43f667

    SHA256

    1bba9bff4781b9b9ec8ef3a7f6189cc283baf92746a72e41b12cec9e436ed03a

    SHA512

    4a15aab744f641e73086cd9614c0a0526ce06684f9c8f43e0aed6a006a7bf5866cf8225bda0439590fc4314bd6c3ee502ad5cff0caf2f0dbd090be95047db4dc
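An added example, not part of the sandbox report or its tooling: a small Python triage script that carries the dropped-file paths and hashes from the Downloads section above and checks a directory tree (for instance a mounted disk image of a suspect host) against them, matching on drop location as well as on content hash so that a re-packed variant at the same path is still surfaced. The IoC values are copied from the report; the directory layout the script builds for its own run is a constructed placeholder and the file contents are not the real binaries, so those files are expected to match on location only.

```python
import hashlib
import tempfile
from pathlib import Path, PureWindowsPath

# Dropped-file IoCs copied verbatim from the report's Downloads section.
DROPPED_FILE_IOCS = {
    r"C:\SysDrvDV\xdobsys.exe": {
        "md5": "19dc3652e81b205ba0ea6af545305563",
        "sha1": "cfec254ed7e1afe2587999e1092a51829b11d7ed",
        "sha256": "a1713e11ba16b74c95a44058f6a41afd2897e1b20eeec52bb9dcc31af98689b4",
    },
    r"C:\Users\Admin\253086396416_10.0_Admin.ini": {
        "md5": "e8ddece560f3107c73ed880b005b69ca",
        "sha1": "6334f662107d5d548edefb66e28b759112dbd881",
        "sha256": "a39ebae793800cb6cf14a7e56a16a08fccb2866d9cfaf98f5343b3f28ec2b45b",
    },
    r"C:\VidF8\dobdevec.exe": {
        "md5": "8023c40a6c32996eeba33fcf1186b6ff",
        "sha1": "90b72f456ad1145156abd43e8c40bde74b43f667",
        "sha256": "1bba9bff4781b9b9ec8ef3a7f6189cc283baf92746a72e41b12cec9e436ed03a",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data):
    """Digest one in-memory buffer with every algorithm in ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path, chunk_size=1 << 20):
    """Digest a file in one pass, chunked so multi-MB drops are not read into RAM at once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests):
    """IoC paths whose recorded digest equals any supplied digest, under any algorithm."""
    hits = []
    for ioc_path, ioc in DROPPED_FILE_IOCS.items():
        if any(ioc.get(algo) == value.lower() for algo, value in digests.items()):
            hits.append(ioc_path)
    return hits


def _ioc_path_parts(win_path):
    # Strip the drive so C:\SysDrvDV\xdobsys.exe becomes ("sysdrvdv", "xdobsys.exe");
    # a mounted image is usually rooted somewhere other than C:\.
    p = PureWindowsPath(win_path)
    parts = p.parts[1:] if p.anchor else p.parts
    return tuple(s.lower() for s in parts)


def match_path(rel_parts):
    """IoC paths whose drive-less path is the tail of the given relative path parts."""
    rel = tuple(s.lower() for s in rel_parts)
    hits = []
    for ioc_path in DROPPED_FILE_IOCS:
        tail = _ioc_path_parts(ioc_path)
        if len(rel) >= len(tail) and rel[-len(tail):] == tail:
            hits.append(ioc_path)
    return hits


def scan_tree(root):
    """Walk a directory and report files matching an IoC by location, by hash, or both."""
    root = Path(root)
    findings = {}
    for file in root.rglob("*"):
        if not file.is_file():
            continue
        rel = file.relative_to(root)
        reasons = [f"location matches {ioc}" for ioc in match_path(rel.parts)]
        reasons += [f"hash matches {ioc}" for ioc in match_hashes(hash_file(file))]
        if reasons:
            findings[rel.as_posix()] = reasons
    return findings


def build_demo_tree():
    """Constructed stand-in for a suspect drive (assumption, not real evidence):
    two files at the report's drop locations plus one unrelated file. Contents are
    placeholders, so they match on location only; a real hit would also match on hash."""
    root = tempfile.mkdtemp(prefix="ioc-demo-")
    layout = {
        "SysDrvDV/xdobsys.exe": b"MZ placeholder, not the real dropped binary",
        "VidF8/dobdevec.exe": b"MZ placeholder, not the real dropped binary",
        "Windows/notepad.exe": b"MZ unrelated file",
    }
    for rel, data in layout.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    for path, why in sorted(scan_tree(build_demo_tree()).items()):
        print(f"{path}: {'; '.join(why)}")
```

Point `scan_tree()` at the root of a mounted image instead of `build_demo_tree()` to use it for real. A location-only hit is weaker than a hash hit and should be confirmed by hashing and by checking the Run key the report flags; the report does not give the key's value name, so that check is not encoded here.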