Analysis

  • max time kernel
    119s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/08/2024, 16:54

General

  • Target
    207780eb24f1dccc3653850fae048d50N.exe
  • Size
    3.1MB
  • MD5
    207780eb24f1dccc3653850fae048d50
  • SHA1
    2cfa74a6f7fac0cbf7ed124ce2c505143fe0422c
  • SHA256
    797b8705d4de20e70f525550bebd2c983839f9e436f7004991f0be4517b1afc3
  • SHA512
    5feb2017ce7685b2aebd4359ee8feec84d6607d973cb283b984538d903aa679f8c9a539b9b183f47bb7f29fa04d57a876d256e4feed1081dae76f75d533d2697
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4Su+LNfej:+R0pI/IQlUoMPdmpSpg4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\207780eb24f1dccc3653850fae048d50N.exe
    "C:\Users\Admin\AppData\Local\Temp\207780eb24f1dccc3653850fae048d50N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\FilesMP\xdobloc.exe
      C:\FilesMP\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2128

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 200B
    MD5: c6a6d6ff17e8b58c53c97c85f223bf10
    SHA1: 6e8fdd1225ec951787f958a253cec5750c5abe3d
    SHA256: c0196410f073b8a95ceae59e5bf8f8600c1242669135899c52e3870fc8b84c03
    SHA512: 3b1095fc8a3e8c0159b36c325f518d77e44510ebbf7341dea3acb5c82bc217d9e7ddcb9d8321bdc8991795dfeadd4b5ce30672f90cb925ac9c354f5dd1983f84

  • C:\VidP9\bodasys.exe
    Filesize: 3.1MB
    MD5: 2f91de8d6aa445eea16005ae91b23be9
    SHA1: 81560b0a62acad9e3d50b9d5cada1f6d6e1c571e
    SHA256: 38a9eed27b081771d81fc8c30510faa93049bf73a130a2f429dd7066f8af6ca2
    SHA512: c5958e9a9f1a068e97e1aba89666c07a949a166380a8091f3ae785aa508800368fb26e8f98f39a3c1fd6c3a145b7453462bd61f6aaf214a9b8bdc06ba361856b

  • \FilesMP\xdobloc.exe
    Filesize: 3.1MB
    MD5: 855f933f95fe8b59e5ccf076aa2f1312
    SHA1: 26c53dd4987660bb523a2339cae2d958c92d8207
    SHA256: 4eaad7ff9f5917270a44c2ea0d0e00d03c81856f4a37d2c4c9b7e267af56aabf
    SHA512: 34d4e92aaa6887a6fcedfea0e4d83dc6ab2f7ba53f1ffa1876c694f208d09f585151f2405167a3dd36ccac3f61fd015428aacff130583ca9413f8455de9b9cb6