Analysis

  • max time kernel
    119s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-08-2024 15:13

General

  • Target

    82d3cd7883e2d506a2e62472f2689810N.exe

  • Size

    3.1MB

  • MD5

    82d3cd7883e2d506a2e62472f2689810

  • SHA1

    646eec4f1cf7e2ecec088d0871adfce7281e4595

  • SHA256

    016d17cb37fae920b04c3371bd5a48fbb16173196c8c95584083e83dd21cb79e

  • SHA512

    1d3e59c8d2df19be81356f0330df2882eb07170de0014a16a589f46a270d7d5423dbd7fe45912f5b2c67d81d30a503f384a90ddf80852bf395ae35252675757b

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBm9w4Su+LNfej:+R0pI/IQlUoMPdmpSpE4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82d3cd7883e2d506a2e62472f2689810N.exe
    "C:\Users\Admin\AppData\Local\Temp\82d3cd7883e2d506a2e62472f2689810N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4784
    • C:\IntelprocEL\xdobsys.exe
      C:\IntelprocEL\xdobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1848

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocEL\xdobsys.exe

    Filesize

    3.1MB

    MD5

    e2251cdce268c8d291c82ee63c4ea823

    SHA1

    c73d834d9ba1da1e6808834cef44a022eb5a8c46

    SHA256

    0393d134a241fbabfc48eadc8b6d2500c8f4bc1e926ba7ca84976c48623b70ea

    SHA512

    eca09e140d253e1076472af75cef6e5a70a695c4e4ffb60ebfd26ad68ffc599de510388dbc0520a44b776dd186ab1b2c831d5e80e97ced0467d1bbe88f6991d1

  • C:\LabZUN\dobaec.exe

    Filesize

    393KB

    MD5

    43d58f7eb17f55ce9ee1adedd88cda77

    SHA1

    b40134fd43836a5676c8313eb5c05e87653126c0

    SHA256

    d97695088b2a88e1661c2366108410703cd3a3c7ba94cc72a35d8207a7d286ea

    SHA512

    b314611176b2ed10308df771057da68d79a04b60745b8d4f4172ac4f58cfa4ed5e17ca9870a80431a16977c8b5aff3be5652a570d3c52f0248d9afd65dc14c88

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    3402bd43f1f4afe856cb28aa21c0527f

    SHA1

    14e3e548cbbdfa976f428646be65cfda2daa15e0

    SHA256

    e55d8347c8f7376d75604218c2b4b857a2e4c5c122677eccaba2ba1d4cac356f

    SHA512

    9ac13f95d2eff0f5fa181afac437aa74e4d13e8863b08eeb61ac34f867080713424f6f03181770ed5f560520d8b765fc94b37658f6d7cae1e6c9f72fa5b89d9c
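The report above gives everything needed to turn this run into a host hunt: the SHA-256 of the submitted sample, the SHA-256 and paths of the three files it wrote (only C:\IntelprocEL\xdobsys.exe appears in the process tree as executed; dobaec.exe and the .ini are written but not launched within the 119 s run), and the "Adds Run key to start application" signature. The script below is an added example, not the sandbox vendor's tooling or anything from the sample: it hashes a directory tree against the report's SHA-256 values (SHA-256 rather than the MD5/SHA1 also listed, since those are collision-prone) and flags Run-key values whose command references one of the dropped-file paths. The Run key value name is not on the page, so persistence is matched on the command line, not on a value name. Function names, the lowercase path fragments, and the constructed file content in the usage note are assumptions for illustration.

```python
"""Offline hunt built from the sandbox report's IOCs (added example)."""
import hashlib
import os
import sys
from pathlib import Path

# SHA-256 values copied from the report: the submitted sample and its dropped files.
IOC_SHA256 = {
    "016d17cb37fae920b04c3371bd5a48fbb16173196c8c95584083e83dd21cb79e":
        "82d3cd7883e2d506a2e62472f2689810N.exe (submitted sample)",
    "0393d134a241fbabfc48eadc8b6d2500c8f4bc1e926ba7ca84976c48623b70ea":
        "C:\\IntelprocEL\\xdobsys.exe (dropped, executed)",
    "d97695088b2a88e1661c2366108410703cd3a3c7ba94cc72a35d8207a7d286ea":
        "C:\\LabZUN\\dobaec.exe (dropped)",
    "e55d8347c8f7376d75604218c2b4b857a2e4c5c122677eccaba2ba1d4cac356f":
        "C:\\Users\\Admin\\253086396416_10.0_Admin.ini (dropped)",
}

# Lowercased path fragments from the process tree / Downloads list. Assumption:
# the Run key value name is not in the report, so match on the command text.
IOC_PATH_FRAGMENTS = (
    "\\intelprocel\\xdobsys.exe",
    "\\labzun\\dobaec.exe",
)


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, iocs=IOC_SHA256):
    """Hash every regular file under root; return (path, sha256, label) for IOC hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                digest = sha256_file(p)
            except OSError:
                continue  # locked or unreadable file: skip it, do not abort the hunt
            if digest in iocs:
                hits.append((str(p), digest, iocs[digest]))
    return hits


def match_run_values(values, fragments=IOC_PATH_FRAGMENTS):
    """values: {value_name: command} read from a ...\\CurrentVersion\\Run key.
    Returns only the entries whose command references a dropped-file path."""
    flagged = {}
    for name, command in values.items():
        cmd = command.lower()
        if any(frag in cmd for frag in fragments):
            flagged[name] = command
    return flagged


def read_run_keys():
    """Collect Run values from the live registry (Windows only); {} elsewhere."""
    if sys.platform != "win32":
        return {}
    import winreg
    values = {}
    hives = ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM"))
    for hive, hive_name in hives:
        try:
            key = winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Run")
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, data, _type = winreg.EnumValue(key, i)
                except OSError:
                    break  # no more values in this key
                values[f"{hive_name}\\{name}"] = str(data)
                i += 1
    return values


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, digest, label in scan_tree(root):
        print(f"HASH MATCH {path} {digest} -> {label}")
    for name, command in match_run_values(read_run_keys()).items():
        print(f"RUN KEY {name} -> {command}")
```

Run it as `python hunt.py C:\` on a suspect host; on a non-Windows analysis box the hash scan still works and only the registry read is skipped. Exact-hash matching will miss a rebuilt dropper, so treat a Run-key command pointing into C:\IntelprocEL or C:\LabZUN as the higher-signal indicator and pivot from there.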