Analysis

  • max time kernel: 119s
  • max time network: 17s
  • platform: windows7_x64
  • resource: win7-20240704-en
  • resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted: 25/08/2024, 09:17

General

  • Target: f6e5d2403182c1424d4976c7a6d38060N.exe
  • Size: 2.7MB
  • MD5: f6e5d2403182c1424d4976c7a6d38060
  • SHA1: 123f0d8f595eb7cd80f54682367e6e3d0bca4415
  • SHA256: f250bacae99b16b1bfc41820d10b9e7d7f8cc33b8c7a60025d9b9717a932cd5e
  • SHA512: 212d37c49a0ce4d426bc8f9f914fb29dc4dbeb97bc119bda650ce84e4abc051a47ec3aa9bd5c70ba9aba15276bd008fb3ef5ab5e7532c7daa7eca2c35bbad31b
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBL9w4Sx:+R0pI/IQlUoMPdmpSpr4

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6e5d2403182c1424d4976c7a6d38060N.exe (PID 1820, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\f6e5d2403182c1424d4976c7a6d38060N.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\IntelprocOB\abodsys.exe (PID 2940, depth 2, spawned by PID 1820)
      Command line: C:\IntelprocOB\abodsys.exe
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\KaVBFJ\dobdevloc.exe
    Filesize: 9KB
    MD5: 676d55289ebe3b95f7296c256f4e82c2
    SHA1: e60fbfe20f6dd5e273a0227788c9737ab9d0dc40
    SHA256: 4867ed928df39dede7eab002d04b85c682bda0ce96a32a6a33727628533d99db
    SHA512: f22d87cd5f6b42194b6e873536fa1708a76308c650bbac952cbbe2e1ff6d7ec7e3dd9d2fc548fcde369b32f35c3cf65558db74c57f1b0e0b1ffa1edffbb007db

  • C:\KaVBFJ\dobdevloc.exe
    Filesize: 2.7MB
    MD5: ba8bb979d64b3b618a570f6e68fb395d
    SHA1: 9cacec60799ed982afa71261ddce9b3393f72215
    SHA256: 894b5788d2e81985a24faec554f9811c4a315d31a9b4fd480949b31dec2ac187
    SHA512: 15856a1e112fa8e801337de7cf5474bc79f1b5c84140848975a4b4c5104998a5c6084248d80305d9296fd0ce8e612cc3ef9a75ce34a61ac0931441ade0f32434

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 206B
    MD5: d7d3931ec274bf0131e97e00991ad272
    SHA1: 1c868f3ebe2c0cd5a9a32808804bf800818e7d96
    SHA256: b19d70ced3efa478352698ece51c6d06f73b6004ec6b5a1b32596bdf27df5aec
    SHA512: 90916236a91edc0a45f3d733eb8ee2aede93024f6656676af09f82409d6b4b38d002a4ca8a84fd2474945f8067a10437077037069145e4b7a760c8745d26ed97

  • \IntelprocOB\abodsys.exe
    Filesize: 2.7MB
    MD5: af1f83ef8eb0a6134bdd567ca17fe03c
    SHA1: 7f2d5bdc64b22fcf2f75505fb6946ff893afa584
    SHA256: 20b0ae17408ec05f4eb8586a2db1b639bcc2cd0036c5fb92702dc089d5c77ed7
    SHA512: 839ef24a623f2b190f52704fbce37f58e5374c027ae90ac1426fb14dbfc84aa233d2fe6859005b9b00edf45c5c7d387fcab6603c94cc547db65a1028034853a7