Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/08/2024, 06:19

General

  • Target

    44c2b5a939281c220da59659b1771c50N.exe

  • Size

    2.7MB

  • MD5

    44c2b5a939281c220da59659b1771c50

  • SHA1

    eb03184a5dadd85a4134e6a267def60d232cc64a

  • SHA256

    68c55cc830ab5441921e60ee7b0498123e6c6e1bd8e76262cdee06d49813b34b

  • SHA512

    7c6b93895642073449c9c9c2becc22783afb63b0d31216c74e1ce015fd15e18c73971b73babfd618fcdfe6be68400bf970e500bb46f35c56d5bd7a43062e9c32

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBJ9w4S+:+R0pI/IQlUoMPdmpSpd4X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\44c2b5a939281c220da59659b1771c50N.exe
    "C:\Users\Admin\AppData\Local\Temp\44c2b5a939281c220da59659b1771c50N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\SysDrvLQ\devbodsys.exe
      C:\SysDrvLQ\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1712

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Galax7S\bodasys.exe

          Filesize

          26KB

          MD5

          ed8ba588b4057f0e937984237e620be8

          SHA1

          4941e5a4bc69a41cbad8a2cc19dd278ab5af2bbe

          SHA256

          0d70d5be482582e02ef50d8b6b89d7af90217a2be7a5a8de866e95f18bc477bd

          SHA512

          f6e90a0e42fdea19d41d0e926034438d96430dce3280ca803e58f8193bdc18da12d9eadfa152facdf07ac980eb67545115fb1593fb60a01d713369185fda6550

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          206B

          MD5

          ccb05a5f5149a53242992e220f4219d3

          SHA1

          b8559b54ec5b406d26b6d90cca6a00e949de7a7a

          SHA256

          2416bc20b10b28b18dfd2a714f10afd5da3eabab9fce5cfad488f17c5f866548

          SHA512

          9e5960d82bad026f5fab8286ee99a72a88e37c24604f923b04f21b2bde21ce671a93328b21ad08ddaa89eb982d48905bd5b4046890d65b002ed4ff8341cc6a1d

        • \SysDrvLQ\devbodsys.exe

          Filesize

          2.7MB

          MD5

          ab2ed13a93c51d06b9f642843da4eeb9

          SHA1

          79b8f966efebd1228a1ebcb1d02c9c51ed86f40e

          SHA256

          974e5fe98cb572a78a46af92d2035297cbade3d90dec06a402491ad02b0a6e83

          SHA512

          f7ef22ac59306ec8ce7ec7e69d5554caf9ec5b5bf0851daefe161973235bf38b0b54e75a96892350eb3f36c5a7083258f923269081efea2b7a752dc96896283d
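The process tree and the dropped-file list above give a responder three concrete things to sweep a host for: the SHA-256 digests of the sample and its drops, the two directories the dropper creates under the system drive root (C:\SysDrvLQ and C:\Galax7S), and a Run-key value that starts the dropped copy. The script below is an added example, not part of the sandbox report. The hashes and paths are taken from this page; the Run-key value name "devbodsys", the sample registry contents, and the reading of the .ini name as <id>_<NT version>_<user>.ini (6.1 being Windows 7, Admin the sandbox user) are assumptions made for illustration.

```python
"""IOC sweep for this report's artifacts (added example, not report code)."""
import hashlib
import os
import re
import sys

# Dropped files listed under "Downloads" (path -> SHA-256), from the report.
DROPPED_FILE_IOCS = {
    r"C:\Galax7S\bodasys.exe":
        "0d70d5be482582e02ef50d8b6b89d7af90217a2be7a5a8de866e95f18bc477bd",
    r"C:\Users\Admin\253086396416_6.1_Admin.ini":
        "2416bc20b10b28b18dfd2a714f10afd5da3eabab9fce5cfad488f17c5f866548",
    r"C:\SysDrvLQ\devbodsys.exe":
        "974e5fe98cb572a78a46af92d2035297cbade3d90dec06a402491ad02b0a6e83",
}
# The submitted sample itself, from the report.
SAMPLE_SHA256 = "68c55cc830ab5441921e60ee7b0498123e6c6e1bd8e76262cdee06d49813b34b"
KNOWN_SHA256 = frozenset(DROPPED_FILE_IOCS.values()) | {SAMPLE_SHA256}

# Directories the sample creates; a file there is worth a look even when its
# hash is new (a rebuilt dropper would not match the digests above).
DROP_DIRS = frozenset({"sysdrvlq", "galax7s"})

# ASSUMED pattern for the .ini name: <numeric id>_<NT version>_<user>.ini.
# The report does not state this; it only shows the one file name.
INI_RE = re.compile(r"^\d+_\d+\.\d+_[^\\/]+\.ini$", re.IGNORECASE)


def sha256_file(path):
    """Stream a file through SHA-256 (the drops here are up to 2.7MB)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_file(path, digest):
    """Return the list of reasons a file matches this report's IOCs."""
    reasons = []
    if digest in KNOWN_SHA256:
        reasons.append("sha256 matches report")
    parts = [p.lower() for p in re.split(r"[\\/]", path) if p]
    if any(p in DROP_DIRS for p in parts[:-1]):
        reasons.append("lives in a directory the sample creates")
    if parts and INI_RE.match(parts[-1]):
        reasons.append("matches assumed <id>_<osver>_<user>.ini pattern")
    return reasons


def sweep_tree(root):
    """Hash every readable file under root; return {path: reasons} for hits."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                reasons = classify_file(path, sha256_file(path))
            except OSError:
                continue  # unreadable or vanished; skip rather than abort
            if reasons:
                hits[path] = reasons
    return hits


def check_run_values(values):
    """values: {value_name: command} as read from ...\\CurrentVersion\\Run.
    Flags commands that reference a dropped-file path or a drop directory."""
    flagged = {}
    for name, cmd in values.items():
        low = cmd.lower()
        if any(p.lower() in low for p in DROPPED_FILE_IOCS) or \
           any(f"\\{d}\\" in low for d in DROP_DIRS):
            flagged[name] = cmd
    return flagged


def read_run_values(hive="HKCU"):
    """Live read of the per-user or machine Run key on Windows; {} elsewhere."""
    if sys.platform != "win32":
        return {}
    import winreg
    root = winreg.HKEY_CURRENT_USER if hive == "HKCU" else winreg.HKEY_LOCAL_MACHINE
    values, i = {}, 0
    with winreg.OpenKey(root, r"Software\Microsoft\Windows\CurrentVersion\Run") as k:
        while True:
            try:
                name, data, _ = winreg.EnumValue(k, i)
            except OSError:
                break  # no more values
            values[name], i = str(data), i + 1
    return values


# CONSTRUCTED Run-key contents; the report names no value, so "devbodsys" is a guess.
SAMPLE_RUN_VALUES = {
    "Sidebar": r'"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun',
    "devbodsys": r"C:\SysDrvLQ\devbodsys.exe",
}

if __name__ == "__main__":
    for name, cmd in check_run_values(read_run_values() or SAMPLE_RUN_VALUES).items():
        print(f"Run value {name!r} -> {cmd}")
    for path, reasons in sweep_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, "; ".join(reasons))
```

Run it as `python sweep.py C:\` on a suspect Windows host to hash the drive and read HKCU\...\Run; on any other platform it falls back to the constructed registry sample so the matching logic can be exercised offline. The directory and name checks are deliberately kept separate from the hash check so a recompiled dropper with fresh digests still surfaces.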