Analysis

  • max time kernel: 119s
  • max time network: 120s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 23/08/2024, 23:52

General

  • Target: 07e14c00539edbbf1679a5c9d44ab050N.exe
  • Size: 2.7MB
  • MD5: 07e14c00539edbbf1679a5c9d44ab050
  • SHA1: 552f929ded9ffe334fd6047d91fb1afe2e24d186
  • SHA256: 651dbbb2c02bf025ccc53538a56c608ef9249c263100716b5f6c9350135c764d
  • SHA512: d73f6647c5ef34291df74c51660e920ec8a59923cfcdd08ed7de37da4c37159bf4183f52c9fcbd19d94337979cb35d3732a3adcc84cd8785e015f45e9c089a8d
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBE9w4S+:+R0pI/IQlUoMPdmpSp24X

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\07e14c00539edbbf1679a5c9d44ab050N.exe (PID 3284)
    Command line: "C:\Users\Admin\AppData\Local\Temp\07e14c00539edbbf1679a5c9d44ab050N.exe"
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\UserDot5Y\xbodec.exe (PID 4068, child of PID 3284)
      Command line: C:\UserDot5Y\xbodec.exe
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZEH\dobdevec.exe
    Filesize: 2.7MB
    MD5: 90e64fe06454e6c6a52762a83df1dfa0
    SHA1: df409eb4cad2e890b919e460ee10705a32845a31
    SHA256: dec1f4e08ce3d387281748787262a1ce30a685da0700b5a7eb9df1c9184b0140
    SHA512: 14ba9781d0b68849f833afb58c9cb3a40859aae1727fbe4312b0b297961278ee18a70ddf0e7b77f44bfcf056ed0066a23f640639c509c72684494197cfce68fc

  • C:\UserDot5Y\xbodec.exe
    Filesize: 2.7MB
    MD5: 423ab2255fc7a4d010beb5cdf4639780
    SHA1: acea4e298154234f7b8bbbe03b52dd6f856f4bba
    SHA256: b71d30b91cb430ac6e03af22e5a8cb68b4edc5ad4874649c606131374205ebff
    SHA512: 31caaa9113695acd25573083b135e55d7e06ce502c76dcb360cc948433186e836c8b327977661e7f4f94e32d6d5a5bee08ae82e5a739b14573997e0e6623eb9e

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 204B
    MD5: 3cf3d024d1e151491dd4eb2b3a147049
    SHA1: c1fbc3262468a8e4aae6e6f00876bff72ff65752
    SHA256: ddf3cfb6566550658aa2a02d7939630d79c587315e69f0ff435f20908126af08
    SHA512: 356f6e3950c0bc7d13a6908b60d959c37dfb5acd7014339075f09912eb6f17e7018c405b8730bc7ae6a802f1da5502b599e2e65889e7a80af8ee0ae6bb04af1f