Analysis

  • max time kernel
    119s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/08/2024, 17:12

General

  • Target

    b3d0db9af32f965764062a94451da830N.exe

  • Size

    3.1MB

  • MD5

    b3d0db9af32f965764062a94451da830

  • SHA1

    1ed9cd9e1b567e1ec86f8ecfaa51c1f1d57c3e6e

  • SHA256

    f18f894942289c60091fc9318f9c55a7640d0dd40f4ec713d657c152da182a8f

  • SHA512

    627c04f68780d47549532c5bd924516337d47716ced2892f357338ba06c03cf197e6d5c9409b09849755c09ea6b1f53466e5537fb65d90edd4fa0d38fc84f779

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBY9w4Su+LNfej:+R0pI/IQlUoMPdmpSpy4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b3d0db9af32f965764062a94451da830N.exe
    "C:\Users\Admin\AppData\Local\Temp\b3d0db9af32f965764062a94451da830N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:264
    • C:\UserDotLT\abodsys.exe
      C:\UserDotLT\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1092

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\UserDotLT\abodsys.exe

    Filesize

    3.1MB

    MD5

    27e458f97eb57e1879c5260080649b54

    SHA1

    b08ca14bf267344703028deb0c112acece1a3d4c

    SHA256

    cd612ebebe9813892c7b1a5aafb6a54789f5fb51274db745b693aef783cc64ac

    SHA512

    5713e98ccf99a5174862f9938f3647df007e1ca87c950ee23d827f1c35afc6ae6659558122f35e70a357cbc843ac40820b0870ae553ba35b33ec99995892cb77

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    201B

    MD5

    4950bdde4b5f40a451e96d127dded1d1

    SHA1

    8cb3b541fee9c6ef9d35336b62e57b062054f944

    SHA256

    f51a8ad6e3eb48dd7ca3b2902e95bf4b985c4f785fb5c079664f9c9cf1f180be

    SHA512

    0ac8da77de326e7601411383fca021787fd042c338d7bf06e647f240ba6e7e049a5388255f1de825254ab30aa8c746d7efdc9b39dd7d29b71d1095489b8e0368

  • C:\VidR8\bodasys.exe

    Filesize

    568KB

    MD5

    4714356c4b5adf564c42db4be112bf7d

    SHA1

    6a3746970f58bc0415a6c5e9545c6b7f8e7e2920

    SHA256

    ad0b8c092b1c3b09da524fbf00de776d9002d76e4b7a240f0bfe0d80ee60b1d2

    SHA512

    99e950204766268f44d6c2764e96698f670f410b1cd2c4ddaf75807b771f3ae27ff021e671138f1cc64d3f223f908fc3cf895bdd77a5695abcc63fe4bbb20dad

  • C:\VidR8\bodasys.exe

    Filesize

    3.1MB

    MD5

    99fd1e1cb267de4485303981fc2b1791

    SHA1

    05a5620f6a8e74d29a7b5a79fe26a6986d2a0165

    SHA256

    31d6296bebb82069fbd11c3363264536c661481d71b68dd0d995159c5fe89373

    SHA512

    fb01e2f4956207ee8b65d19acc40b7a64e6fd31003f2c52d172aad995607e319c3c6f5185019afdea425105203a18e2e15fc2ba0560924eba5f706906408c5ef