Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/08/2024, 10:24

General

  • Target

    282d981446e118ca25989661b2af8fb0N.exe

  • Size

    2.7MB

  • MD5

    282d981446e118ca25989661b2af8fb0

  • SHA1

    c53d5c361f279923eb4f8dfc54f486ce36051874

  • SHA256

    f7ad72d4cde99d268eab7687994ab30041199730aaec7205b48da64480b39edb

  • SHA512

    ff56e95bf025e32e39a7adebb3a6db16bc9f657d66e0d46e636fb6b48676d5b95378f89afd7f928f61bb5a052009521b83baf911ebf25022a0c77d1f450b21d9

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBh9w4S+:+R0pI/IQlUoMPdmpSpF4X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\282d981446e118ca25989661b2af8fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\282d981446e118ca25989661b2af8fb0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3764
    • C:\Intelproc1C\xbodloc.exe
      C:\Intelproc1C\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1724
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4132,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:8
    1⤵
      PID:2520
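
The process tree above (the sample running from the user's Temp directory writes C:\Intelproc1C\xbodloc.exe and then launches it) is what the "Executes dropped EXE" signature encodes. The following Python is an added example and is not part of the sandbox report or its detection engine: it replays constructed Sysmon-style FileCreate/ProcessCreate records that mirror this tree, flags any process whose image was written earlier by its own parent, and separately lists dropped files that land in a top-level directory a stock Windows install does not have. The PIDs and paths are taken from the report; the event records, the field layout, and the `STANDARD_ROOT_DIRS` list are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

# Top-level directories a stock Windows 10 install keeps under the system drive.
# Assumption for this example; extend it for images with vendor directories.
STANDARD_ROOT_DIRS = {
    "windows", "program files", "program files (x86)",
    "users", "programdata", "perflogs",
}


@dataclass(frozen=True)
class Event:
    """Minimal Sysmon-like record. event_id 11 = FileCreate, 1 = ProcessCreate."""
    event_id: int
    pid: int             # FileCreate: writing process; ProcessCreate: the new process
    image: str           # FileCreate: writing process image; ProcessCreate: new image
    target: str = ""     # FileCreate only: TargetFilename
    parent_pid: int = 0  # ProcessCreate only


SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\282d981446e118ca25989661b2af8fb0N.exe"
EDGE_IMAGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed events mirroring the report's process tree and dropped files
# (chronological order is assumed: the file writes precede the child launch).
SAMPLE_EVENTS: List[Event] = [
    Event(11, 3764, SAMPLE_IMAGE, target=r"C:\Intelproc1C\xbodloc.exe"),
    Event(11, 3764, SAMPLE_IMAGE, target=r"C:\LabZF4\bodaec.exe"),
    Event(11, 3764, SAMPLE_IMAGE, target=r"C:\Users\Admin\253086396416_10.0_Admin.ini"),
    Event(1, 1724, r"C:\Intelproc1C\xbodloc.exe", parent_pid=3764),
    Event(1, 2520, EDGE_IMAGE, parent_pid=0),  # unrelated utility process, must not alert
]


def root_dir_component(path: str) -> str:
    r"""Return the first directory under the drive, e.g. 'Intelproc1C' for C:\Intelproc1C\a.exe."""
    parts = path.replace("/", "\\").split("\\")
    # parts[0] is the drive ('C:'); a file directly under the drive has no directory component.
    return parts[1] if len(parts) >= 3 else ""


def is_nonstandard_root_dir(path: str) -> bool:
    """True when the file lives in a top-level directory a stock install does not have."""
    comp = root_dir_component(path)
    return bool(comp) and comp.lower() not in STANDARD_ROOT_DIRS


def find_dropped_exe_executions(events: List[Event]) -> List[dict]:
    """Alert on ProcessCreate events whose image was written earlier by the parent process."""
    created_by: Dict[int, Set[str]] = {}
    alerts: List[dict] = []
    for ev in events:
        if ev.event_id == 11:
            created_by.setdefault(ev.pid, set()).add(ev.target.lower())
        elif ev.event_id == 1:
            if ev.image.lower() in created_by.get(ev.parent_pid, set()):
                alerts.append({
                    "rule": "executes_dropped_exe",
                    "parent_pid": ev.parent_pid,
                    "child_pid": ev.pid,
                    "image": ev.image,
                    "nonstandard_root_dir": is_nonstandard_root_dir(ev.image),
                })
    return alerts


def dropped_files_in_nonstandard_dirs(events: List[Event]) -> List[str]:
    """List FileCreate targets placed in non-standard top-level directories."""
    return sorted(
        ev.target for ev in events
        if ev.event_id == 11 and is_nonstandard_root_dir(ev.target)
    )


if __name__ == "__main__":
    for alert in find_dropped_exe_executions(SAMPLE_EVENTS):
        print(alert)
    print(dropped_files_in_nonstandard_dirs(SAMPLE_EVENTS))
```

The dropped-EXE rule keys on the parent PID rather than on the image path alone, so a benign installer writing into Program Files and launching its payload still fires; the `nonstandard_root_dir` flag is what separates cases like C:\Intelproc1C\ and C:\LabZF4\ from that pattern. The .ini written under C:\Users is kept out of the directory list deliberately, since user-profile writes are routine.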

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Intelproc1C\xbodloc.exe

      Filesize

      2.7MB

      MD5

      a3d06954e03d2701c4e659a1f2436f2f

      SHA1

      0cf0de490a807d219bb0ffc24f18af36e8a25d57

      SHA256

      146e8d8a6592246a9f3bcaad3bcadb2f7d9d67399aabaa4ae668d5b57b3fd94d

      SHA512

      b44d32626d242be527dafb7e57cd6572a6ee1e0491c5bfbf4386759028407c97e88b70b6423a2aa1ed4e77c955ea5417da3db2739261c6e04031603288b0fbba

    • C:\LabZF4\bodaec.exe

      Filesize

      2.7MB

      MD5

      30da5ad87bf6ed452f0220d182757d06

      SHA1

      5270e86e6c7d2ad95450dee80ed8952117ba1325

      SHA256

      e44e3ecc75f984ee1059a6317728341686abf1528c1fd74348dac2540d833c38

      SHA512

      47220445d615a18b10df442b25fb7f40495df2010ee2af0dafe9eb21c562d668ac83c1a6a9ab049d8b078c53645b4ea83cfb9849b87a1d154581091b0c5cb439

    • C:\Users\Admin\253086396416_10.0_Admin.ini

      Filesize

      203B

      MD5

      80ae28fb927d67824ba756f90e0c0ee2

      SHA1

      3fa24670b4a850b4ca28921b3d4f4149e1579331

      SHA256

      833a2a00de8da72a75bdd9e72c00d036870001234c109ec92f0bb0ab933a537a

      SHA512

      8eacbec24cf588d888890a215b048406fd945e2dc86ead899e4f1528940e05d3c90aba5e986d2200899de15202ce9bb64c7e5cdf84f67025f39483650afa3d1a