Analysis

  • max time kernel
    119s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/09/2024, 09:46

General

  • Target
    9ba9d5f0490c84ec18a0312fc2db05c0N.exe
  • Size
    2.7MB
  • MD5
    9ba9d5f0490c84ec18a0312fc2db05c0
  • SHA1
    5afd86cd47a5ac9d6a8c73b201286f3f25ff0b18
  • SHA256
    651cf774565c74474566b82f344b49c3fb117989a986223648f1f7c2fa1f28d4
  • SHA512
    9f93ab13a57c1e9704ae14c397790633c2186e159afcc0226b4e3cae2c6778dfc88d9df42120ff7eee0572b3afb7e0dd571673085633fe5db2f3c0fb588d2266
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBU9w4S+:+R0pI/IQlUoMPdmpSpC4X

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ba9d5f0490c84ec18a0312fc2db05c0N.exe (process tree level 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\9ba9d5f0490c84ec18a0312fc2db05c0N.exe"
    PID: 1352
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\SysDrvM1\xdobsys.exe (process tree level 2, child of PID 1352)
      Command line: C:\SysDrvM1\xdobsys.exe
      PID: 5044
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZ7K\boddevsys.exe
    Filesize: 1.6MB
    MD5: 252ebb8713c42b9361d65c2df89d57cf
    SHA1: 2b250f10922380eac275dfef5f12f15d11ea6adf
    SHA256: 998f7049f253bcf2324080275cd695d4c64fea4c0d7af80e527c17eb34354006
    SHA512: c20d14395aa0392a99c51d6c56abb02df306fadac1cffabb665f419e29169b15c01e381f26c3b7d25f124898858533b8814bfb1e93c24a01354dced8dc0bf5dc

  • C:\LabZ7K\boddevsys.exe
    Filesize: 2.7MB
    MD5: 1416afbd424091a7008e15533da4195b
    SHA1: 01d3b38bfed35c129dd98a3c7729f40f876a8ff0
    SHA256: 4a6f47e9092e4d2f2a03e90e93bd4e8279472d54f8140138951b7e4672f06463
    SHA512: a7e1e40110300fa0beabb19ffafe0c6e4dd59fc6db7defa6b9a0ef9de287d655d76c33faa23181f4ed3fedb27549eb2a8476a87df109d6c8dae545f47fb4b5cc

  • C:\SysDrvM1\xdobsys.exe
    Filesize: 2.7MB
    MD5: 0e845744ba86ad6455250b7a6cc39ce7
    SHA1: b1ffa79f903cd3cb4dbfa81fe083aec09dc9d2f2
    SHA256: 3a7747e0f57229e4b1f5bee7f2ffd920935e2c0aad8a2b147db5769016f45b12
    SHA512: 52bb9810133287cc4a6ff16fbfdf36d1ac8ca2c46c0c86021decdf84d86bd2ed9f573cae0398e3dc23c576c0da926e1e44a494ba1b3c9220ceac60dc81b77ed3

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 204B
    MD5: 7d20901b40aa1de2278dabe6b28161c7
    SHA1: 2d57df5dedf0a2c4b4120c8974ec014d3966e230
    SHA256: 28fc53971b350c06faaf0aa292490f6ae4d4595e50cdf2d9a9154aed0cf51dc5
    SHA512: 2f2d9843b1d9966b68ea4fa22e4a3182cc63de7f7947bbbdbd9f8d4a2c54226af8c3b3445e7c8a8de2a075f41d236ae8ceacddcb43d4fb05911f4f46ed76179d