Overview

overview

7

Static

static

3

518e54f236...0N.exe

windows7-x64

7

518e54f236...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20-08-2024 09:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    518e54f2369a4355c3abfbd26dd86f00N.exe

  • Size

    2.7MB

  • MD5

    518e54f2369a4355c3abfbd26dd86f00

  • SHA1

    737936e67b5c5b5154e83bd6126478931a40be4d

  • SHA256

    174e92ef5dae2751614bd63a55a89ee181e3eb2ecf932039b4a123db513cdc95

  • SHA512

    4adee3b2007a2d6a3c5eadb0c7d96bb31e1f2951f7152de222f0cdac7e0ab7859322bb7fc714129dcf431eb24a51f7992dd23db7f19d12d4ffec1fab13137fb0

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBU9w4Sx:+R0pI/IQlUoMPdmpSpK4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\518e54f2369a4355c3abfbd26dd86f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\518e54f2369a4355c3abfbd26dd86f00N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\UserDot71\abodec.exe
      C:\UserDot71\abodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2508

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZUF\bodaloc.exe
    Filesize

    2.7MB

    MD5

    db653b2ce97f8a9422b6197ad7e1ef6e

    SHA1

    d9f3dd6a4ae216c583fa5b66fae68603bfb66d74

    SHA256

    4a6abd52cd8e28438e9ad0334fc58b7190725e10c7af327235227f34560a001a

    SHA512

    1527a6bf85240e7f5514578dd7680c347e3098deb7a0d775d37b0055cb815a4a3c376cce37a95c101e0b17c896a5717bcea4386d55badf79d76d17ee34fecef1

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    ab2b2d219889cbb5a14f5fd337a117cd

    SHA1

    602a4ae80481869074ac075a97d94349239da3ca

    SHA256

    be2b8206c6861a0d452b44cbee55e97a7c978622b2eec6ed843787214922c197

    SHA512

    5b8f208cd5bc31a541608f3ded908f4ca023799b71a4786df3d5876863d85f50a3c00111d0ff4728c5b8f0abc4083976830effd3f1334d57fb0cf31570384db1

    Download Submit

  • \UserDot71\abodec.exe
    Filesize

    2.7MB

    MD5

    b874ebbc99da9ebf9e6db3bbc91d3b97

    SHA1

    e2347345bb68c77702acb673138d8fe306bf29ef

    SHA256

    64d9e7727ce3f52db5fd324b42fc4064e087f909e934e227085eb6c6cf872d90

    SHA512

    0960600b8dde7116c754db2c15259a1818133baea91f440ea2d65045a1a6632e1ffa337ec9eb5d41af7689bf2b647c7192baf551deabcd09efb6b5c7e784ca36

    Download Submit