Overview

overview

7

Static

static

3

51206caabb...0N.exe

windows7-x64

7

51206caabb...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-08-2024 20:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51206caabb2303b4c7a2d31617776230N.exe

  • Size

    2.7MB

  • MD5

    51206caabb2303b4c7a2d31617776230

  • SHA1

    998a41054a7e5eb27e617c582a48decbda603cbe

  • SHA256

    2228b5aa01d02314606d1782563974962a0aca9defc3b960301925be1e08918d

  • SHA512

    f6e91c7fe51d88ff237e3e69c66782b0478b3cea3f4aa62080625f8fee5feb715b3d684ae5ecfbeef96bc133b1a1c5c8891e4e8b95c67579b21f7b39535f6783

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB59w4Sx:+R0pI/IQlUoMPdmpSpB4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51206caabb2303b4c7a2d31617776230N.exe
    "C:\Users\Admin\AppData\Local\Temp\51206caabb2303b4c7a2d31617776230N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3204
    • C:\UserDotZA\devdobec.exe
      C:\UserDotZA\devdobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZMS\dobaloc.exe
    Filesize

    21KB

    MD5

    85ac8e8d98995fc09cc8e14b9d872d90

    SHA1

    adaa24efc93ffdc30c0f3eddaed74ed35e28744b

    SHA256

    4147383c7efa7821c6cfc8b7a765239587b96326516b35b8a29b5759d56b432d

    SHA512

    71b1aead94e4cf1bea92e76c1e652cc34c48ae4aa8a1a8f508276c2025ed5821c7ac8d66d8f165cd451ed36fcf9d03a044f936e5ad0acf3d006044ed8f1b1f3f

    Download Submit

  • C:\UserDotZA\devdobec.exe
    Filesize

    2.7MB

    MD5

    d36717ed1dc09847ece0c166864d73d2

    SHA1

    56a5fd1bcffb78bab9f1923295b7349ef5edf5cc

    SHA256

    a016303db8792d044198da32c17cd4d1d5e1f31bbda06d2c1ffd319d3f708beb

    SHA512

    15c8e1f209cbaf0d5265dce65a13b7a41251621bb22a741b2419f6f3afb3b0e4b04a449c221a4d86372f0aa85e1f222bc23368371a18f8e5189ba666070b787c

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    f4dec7e85952094454167b59a933f192

    SHA1

    f509edfdb9578d699e73de29abceaab0a32cb302

    SHA256

    d7426db7c819741cdae3b21c406b4fb8b9bc63b9db02cace90121b6b66f296c6

    SHA512

    6aeff4496e9a79340af9bba6dbb88cd5acb627cb4c1d6bbd44e53b99b99824d0a94cc423d2491720f567d947c6b830a142cdcab78ec1fd4970328998f3628cb2

    Download Submit