Analysis

  • max time kernel
    119s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-09-2024 10:54

General

  • Target

    7dcfdf2a3f5c279d8b7a481e0b565e80N.exe

  • Size

    2.7MB

  • MD5

    7dcfdf2a3f5c279d8b7a481e0b565e80

  • SHA1

    057017f108dd148b4043ce6411358a302e5c766c

  • SHA256

    752a4dccee7a0d49ca10b04ba344ef5790cf37bddbcc8a92e11f663fd3581b75

  • SHA512

    36e0966dda82fbbbe43b27e95eb305e4ce7e8a13d10d893dc7ed3c4d5339c911ed67ea88dc8130e22efcd42f548706fd726a79e8b65370d1e5f374a9108e9b92

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBS9w4S+:+R0pI/IQlUoMPdmpSpg4X

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7dcfdf2a3f5c279d8b7a481e0b565e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\7dcfdf2a3f5c279d8b7a481e0b565e80N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Intelproc5U\abodsys.exe
      C:\Intelproc5U\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2020

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Intelproc5U\abodsys.exe

    Filesize

    2.7MB

    MD5

    96e2066e15008674ef42ec68f7d670e3

    SHA1

    00d5e4ca7ad34afe55d9d7b6c9060dbcf0f319d5

    SHA256

    ed2330243d5ec773cf50e2540445b16b1e8f385a4e3d5bbd8925c4ee6e731054

    SHA512

    4466e6ea6eef525c5998c26d0e8cf828f8b4e4aeb3bc9d26171c0259841eea9adbfa82e45ccc22da63df2234284c24eadb23582fb313aaad64d17a0a82024808

  • C:\MintJY\bodasys.exe

    Filesize

    77KB

    MD5

    963a064ea93e8527f0ac5336f025d98d

    SHA1

    108279179d21224b622cbde801674b56c9a84e69

    SHA256

    d13724d347e56358e1317a8099c0952fba21a5ce950e9fe755e28b65bb78f2e1

    SHA512

    6f4dbbf753c498d53f6d58cb434a802e408bac5e1b70238aedf86b6fe52c602ba288306a4b8b559b4959e49d6fdaafbef3496aad8945b0a36456df8eac088c24

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    b2ac35ac3af45b88f5c73cb4b002f842

    SHA1

    4b5c4fe1d97fabdaeeb2b6c403943fb5a6672d74

    SHA256

    f6401c2781ed40a63b16c83b02e592f918afc7598abf71635918764c83e58cf8

    SHA512

    d4b43a0cc9f6041730dc44ba48287744bd31f2b41d47dcba3b568c46bd667ad8e79881476b1001679e1eabfffbb2bb7b5d31154ea001db3d52eab5c34635a0bc