Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    25/08/2024, 23:05

General

  • Target

    2050e14c4473ab16b565993a87b7d1a0N.exe

  • Size

    3.1MB

  • MD5

    2050e14c4473ab16b565993a87b7d1a0

  • SHA1

    95432d515b16a25ff3f390ee19e89fb311a0627b

  • SHA256

    b036c5947b8919d05c1212c6f30a1aaa13c3a3cf11fac32e712468b62e6a00ca

  • SHA512

    b5737f8277ad8b1cfe1e1e91f91a37607d73292eb8f4a04aad9e65b2186c7f6eda8ef8b93172727106fa14bfec78ce4706b1018e7d90eb045dfe4711d7cdb9d2

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBs9w4Su+LNfej:+R0pI/IQlUoMPdmpSpC4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2050e14c4473ab16b565993a87b7d1a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2050e14c4473ab16b565993a87b7d1a0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4400
    • C:\SysDrv50\xbodloc.exe
      C:\SysDrv50\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2840

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\GalaxDO\dobxsys.exe

          Filesize

          8KB

          MD5

          76f60c009db35fd209723dd14e83cea7

          SHA1

          b4d1adca66eb3a1a9be78501919791a98381d32d

          SHA256

          48aa858f6668745db42ffd0cfd5c58f6fd059891308943b3772dc2ca0cc7725a

          SHA512

          91c93d04f4f1a1594e00560354d89cadd052c75f124c145500cc4d6ebbf4e9be089e115059176bdd6c6d1f8a4836eb4b6bcbf567eeaab83601e7598e4f7ad331

        • C:\SysDrv50\xbodloc.exe

          Filesize

          3.1MB

          MD5

          6cc857ff91af831409c54cc12c593a19

          SHA1

          44490a8b22c454f76824020e637ed1685adcb55d

          SHA256

          32b3c290197320eaad35266055a75ca7eb0a0941d79663ee173300c6fbfc0dde

          SHA512

          87654f363905b4785ce9bce7c8e77f19f1b4de727b5ecdcca1bb3555078c1f45bbb98f599cd1953dc769efbe3865a4164e5fc41ceb3a68bcc71acff1e6f40c40

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          204B

          MD5

          8369bdd9a86b1845d9dc83c3b59b8ded

          SHA1

          2024b0b3b759dcd93332bb6f5257c2cca8b6e6bf

          SHA256

          8a6dc199c96f87196c52e6af5989053b6d11571140add7e373611d37e9359d77

          SHA512

          f08895f6b4584ad9c0f9d10aa850b3a25a2e1979bf8ee84d0d511651071e3021e1edf540f88cbaa8e6162134e9100df5e15d3436eb20862c08cbf4e9f4f40732
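The report gives three things a responder can act on: the drop-and-execute chain under Processes (the submitted sample writes C:\SysDrv50\xbodloc.exe and runs it), the "Adds Run key to start application" signature, and the hashes of the dropped files under Downloads. Note that xbodloc.exe has the same 3.1MB size as the submitted sample but a different hash, so a sweep keyed only on the submitted sample's hash would miss the dropped copy. The script below is an added example, not part of the sandbox output: it copies the paths and hashes from the report into an IoC table, hashes each recorded path that exists on a host, and on Windows enumerates the HKCU/HKLM Run and RunOnce keys for values pointing into the drop directories. The report does not print the Run-key value name or data, so the directory names are the only strings the check can key on; the function names and the bytes used in the self-test are assumptions.

```python
"""Host sweep for the artifacts this report lists. Added example, not part of the
sandbox output: paths and hashes are copied from the report, the function names and
the bytes used in the self-test are assumptions."""
import hashlib
import os
import sys

# Dropped files from the "Downloads" section. xbodloc.exe has the same size as the
# submitted sample (3.1MB) but a different hash, so a sweep keyed only on the
# submitted sample's hash would miss the dropped copy.
FILE_IOCS = {
    r"C:\SysDrv50\xbodloc.exe": {
        "md5": "6cc857ff91af831409c54cc12c593a19",
        "sha1": "44490a8b22c454f76824020e637ed1685adcb55d",
        "sha256": "32b3c290197320eaad35266055a75ca7eb0a0941d79663ee173300c6fbfc0dde",
    },
    r"C:\GalaxDO\dobxsys.exe": {
        "md5": "76f60c009db35fd209723dd14e83cea7",
        "sha1": "b4d1adca66eb3a1a9be78501919791a98381d32d",
        "sha256": "48aa858f6668745db42ffd0cfd5c58f6fd059891308943b3772dc2ca0cc7725a",
    },
    r"C:\Users\Admin\253086396416_10.0_Admin.ini": {
        "md5": "8369bdd9a86b1845d9dc83c3b59b8ded",
        "sha1": "2024b0b3b759dcd93332bb6f5257c2cca8b6e6bf",
        "sha256": "8a6dc199c96f87196c52e6af5989053b6d11571140add7e373611d37e9359d77",
    },
}
# The report flags "Adds Run key" but prints neither value name nor data, so the
# drop directories are the only strings available to key a Run-key check on.
DROP_DIR_MARKERS = ("\\SysDrv50\\", "\\GalaxDO\\")


def hash_bytes(data):
    """Digests in the algorithms the report prints (SHA512 left out of the table above)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def match_iocs(data, iocs=None):
    """IoC paths whose recorded hashes match `data`; one matching digest is enough,
    so an entry that records only a SHA256 still works."""
    iocs = FILE_IOCS if iocs is None else iocs
    digests = hash_bytes(data)
    return [path for path, recorded in iocs.items()
            if any(digests[alg] == recorded.get(alg, "").lower() for alg in digests)]


def sweep_paths(iocs=None):
    """Verdict per recorded path: "absent", "match", or "present-different-hash"
    (same path, different bytes: still worth pulling, given the polymorphic copy)."""
    iocs = FILE_IOCS if iocs is None else iocs
    verdicts = {}
    for path, recorded in iocs.items():
        if not os.path.isfile(path):
            verdicts[path] = "absent"
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        verdicts[path] = "match" if match_iocs(data, {path: recorded}) else "present-different-hash"
    return verdicts


def references_drop_dir(command, markers=DROP_DIR_MARKERS):
    """True if a Run-key value's command line points into one of the drop directories."""
    lowered = command.lower()
    return any(m.lower() in lowered for m in markers)


def run_key_entries(markers=DROP_DIR_MARKERS):
    """Windows only: (key, value name, data) for HKCU/HKLM Run and RunOnce values that
    reference a drop directory. Returns [] elsewhere so the module imports anywhere."""
    if sys.platform != "win32":
        return []
    import winreg  # Windows-only module, hence the late import
    hits = []
    for hive, hive_name in ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        for subkey in (r"Software\Microsoft\Windows\CurrentVersion\Run",
                       r"Software\Microsoft\Windows\CurrentVersion\RunOnce"):
            try:
                key = winreg.OpenKey(hive, subkey)
            except OSError:
                continue
            with key:
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:
                        break  # past the last value
                    index += 1
                    if isinstance(data, str) and references_drop_dir(data, markers):
                        hits.append((hive_name + "\\" + subkey, name, data))
    return hits


if __name__ == "__main__":
    for path, verdict in sweep_paths().items():
        print(verdict, path)
    for key, name, data in run_key_entries():
        print("run-key", key, name, data)
```

Run it on a suspected host as the same user the sample ran under, since the .ini is written under the user profile and a Run key may live in HKCU rather than HKLM. A "present-different-hash" verdict on C:\SysDrv50\xbodloc.exe is not a clean result: the report already shows the dropper writing a byte-different copy of itself, so the file should be collected and hashed against the other samples in the cluster rather than discarded.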