Overview

Score summary (Triage score, out of 10)

Overview                      10
Static                         3

Task (sample, as displayed)   Platform             Score
tmpfile-ma...r3.exe           windows7-x64            8
tmpfile-ma...r3.exe           windows10-2004-x64      8
tmpfile-ma...rm.exe           windows7-x64           10
tmpfile-ma...rm.exe           windows10-2004-x64     10
tmpfile-ma...ir.exe           windows7-x64           10
tmpfile-ma...ir.exe           windows10-2004-x64     10
tmpfile-ma...32.exe           windows7-x64           10
tmpfile-ma...32.exe           windows10-2004-x64     10
tmpfile-ma...63.exe           windows7-x64            3
tmpfile-ma...63.exe           windows10-2004-x64      3
tmpfile-ma...64.exe           windows7-x64           10
tmpfile-ma...64.exe           windows10-2004-x64     10
tmpfile-ma...ox.exe           windows7-x64            7
tmpfile-ma...ox.exe           windows10-2004-x64      7
tmpfile-ma...7I.exe           windows7-x64            1
tmpfile-ma...7I.exe           windows10-2004-x64      1
tmpfile-ma...8I.exe           windows7-x64            7
tmpfile-ma...8I.exe           windows10-2004-x64      7

Analysis
Task:             behavioral13 (tmpfile-main/Sobfox.exe on win7-20240903-en; see Target and Resource below)
Max time kernel:  122s
Max time network: 124s
Platform:         windows7_x64
Resource:         win7-20240903-en
Resource tags:    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
Submitted:        17-11-2024 17:33
Static task: static1

Behavioral tasks

Task           Sample                               Resource
behavioral1    tmpfile-main/0000000r00d000r3.exe    win7-20240729-en
behavioral2    tmpfile-main/0000000r00d000r3.exe    win10v2004-20241007-en
behavioral3    tmpfile-main/Exterm.exe              win7-20240903-en
behavioral4    tmpfile-main/Exterm.exe              win10v2004-20241007-en
behavioral5    tmpfile-main/Gaming Chair.exe        win7-20241023-en
behavioral6    tmpfile-main/Gaming Chair.exe        win10v2004-20241007-en
behavioral7    tmpfile-main/Node32.exe              win7-20240903-en
behavioral8    tmpfile-main/Node32.exe              win10v2004-20241007-en
behavioral9    tmpfile-main/Node63.exe              win7-20240903-en
behavioral10   tmpfile-main/Node63.exe              win10v2004-20241007-en
behavioral11   tmpfile-main/Node64.exe              win7-20241010-en
behavioral12   tmpfile-main/Node64.exe              win10v2004-20241007-en
behavioral13   tmpfile-main/Sobfox.exe              win7-20240903-en
behavioral14   tmpfile-main/Sobfox.exe              win10v2004-20241007-en
behavioral15   tmpfile-main/stTfuo7I.exe            win7-20241023-en
behavioral16   tmpfile-main/stTfuo7I.exe            win10v2004-20241007-en
behavioral17   tmpfile-main/stTfuo8I.exe            win7-20240903-en
behavioral18   tmpfile-main/stTfuo8I.exe            win10v2004-20241007-en
General

Target:  tmpfile-main/Sobfox.exe
Size:    5.2MB
MD5:     a34a8c7f18a484aebc37cc67e86f8441
SHA1:    c0fbef5f036d7b4bb1d9d350e24d6d99096f1ba1
SHA256:  1f350ddd7b2d7cf5da7dd41b793d1d28642b7bfd4ddac2c278499b2d911bece5
SHA512:  e8df773de29f73bf7b1e3915b842abcdb3f42185cfb632b60ae1f5c1fcf9cc0cad57d3f54f79f9ce6c94c9691e3f72e66efdec4f63ba5f5de908f318d2d9f9ab
SSDEEP:  98304:j3GIi+v8hp0EI/mbrVVxAnPJ6hR0O+vk3nVcJGOLS:j3GIiMhubJVeQ5+k3nVYLS
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  PID    Process
  2920   RDR4.exe

Loads dropped DLL (2 IoCs)
  PID    Process
  1588   Sobfox.exe
  2256   Process not Found

Drops file in Program Files directory (6 IoCs)
  Description                    IoC                                                               Process
  File opened for modification   C:\Program Files\system32                                         Sobfox.exe
  File created                   C:\Program Files\system32\__tmp_rar_sfx_access_check_259428055    Sobfox.exe
  File created                   C:\Program Files\system32\RDR4.exe                                Sobfox.exe
  File opened for modification   C:\Program Files\system32\RDR4.exe                                Sobfox.exe
  File created                   C:\Program Files\system32\stTfuo7I.exe                            Sobfox.exe
  File opened for modification   C:\Program Files\system32\stTfuo7I.exe                            Sobfox.exe

  Note: "C:\Program Files\system32" is a directory named to resemble %SystemRoot%\System32; it is not the real system directory. The __tmp_rar_sfx_access_check_* file is the write-access probe that a WinRAR self-extracting stub creates in its extraction directory before unpacking, so Sobfox.exe is behaving as an SFX archive that unpacks its payloads (RDR4.exe, stTfuo7I.exe) into that lookalike directory.

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (3 IoCs)
  Description                         PID    Process      procid_target
  PID 1588 wrote to memory of 2920    1588   Sobfox.exe   30
  (the same entry is reported three times)

  Note: the writer (1588, Sobfox.exe) is the parent of the target (2920, RDR4.exe), which it has just spawned. A parent writing into a newly created child is also seen with ordinary process creation, so this signature is weak evidence on its own; the drop-then-execute chain above is the stronger indicator.
Processes

C:\Users\Admin\AppData\Local\Temp\tmpfile-main\Sobfox.exe  (PID 1588)
  Command line: "C:\Users\Admin\AppData\Local\Temp\tmpfile-main\Sobfox.exe"
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  └ C:\Program Files\system32\RDR4.exe  (PID 2920)
      Command line: "C:\Program Files\system32\RDR4.exe"
      - Executes dropped EXE
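Added example (not part of the Triage report and not Triage's own signature logic): a small Python detector that replays a constructed event stream modelled on the IoCs above and flags the chain the report shows, namely the SFX access-check marker, files dropped into a directory named system32 that is not under \Windows, and execution of a file the same trace dropped. The event field names (type, pid, ppid, image, parent_image, path) and the benign C:\Windows\System32\cmd.exe control event are assumptions made for the example.

```python
"""Replay a constructed process/file event stream and flag the
drop-into-lookalike-system32-then-execute chain seen in the report.

EVENTS is constructed to mirror the report's IoCs (PIDs, paths, order);
it is not sandbox output. Field names are an assumption of this example.
"""
from __future__ import annotations

import ntpath
import re
from typing import Iterable

# Directory names that malware borrows to build a plausible-looking path.
_SYSTEM_DIR_NAMES = {"system32", "syswow64"}
# Write-access probe created by a WinRAR SFX stub in its extraction directory.
_SFX_MARKER = re.compile(r"^__tmp_rar_sfx_access_check_\d+$", re.IGNORECASE)

_DROPPER = r"C:\Users\Admin\AppData\Local\Temp\tmpfile-main\Sobfox.exe"

# Constructed event stream modelled on the report (not sandbox output).
EVENTS = [
    {"type": "file_create", "pid": 1588, "image": _DROPPER,
     "path": r"C:\Program Files\system32\__tmp_rar_sfx_access_check_259428055"},
    {"type": "file_create", "pid": 1588, "image": _DROPPER,
     "path": r"C:\Program Files\system32\RDR4.exe"},
    {"type": "file_create", "pid": 1588, "image": _DROPPER,
     "path": r"C:\Program Files\system32\stTfuo7I.exe"},
    {"type": "process_create", "pid": 2920, "ppid": 1588,
     "image": r"C:\Program Files\system32\RDR4.exe", "parent_image": _DROPPER},
    # Benign control (assumed, not in the report): the real System32 must
    # not trigger the lookalike rule.
    {"type": "process_create", "pid": 3000, "ppid": 1588,
     "image": r"C:\Windows\System32\cmd.exe", "parent_image": _DROPPER},
]


def _parts(path: str) -> list[str]:
    """Split a Windows path into lowercase components, drive letter dropped."""
    _drive, rest = ntpath.splitdrive(path)
    return [p.lower() for p in rest.split("\\") if p]


def is_lookalike_system_dir(path: str) -> bool:
    """True if a directory component is named system32/syswow64 but the path
    is not under \\Windows, e.g. C:\\Program Files\\system32\\RDR4.exe."""
    dirs = _parts(path)[:-1]  # directory components only, file name excluded
    if not any(d in _SYSTEM_DIR_NAMES for d in dirs):
        return False
    # The genuine directories live directly under \Windows; any other path
    # carrying the name is a lookalike.
    return dirs[0] != "windows"


def is_sfx_access_check(path: str) -> bool:
    """True for the __tmp_rar_sfx_access_check_<n> probe file of a WinRAR SFX."""
    return bool(_SFX_MARKER.match(ntpath.basename(path)))


def detect(events: Iterable[dict]) -> list[dict]:
    """Apply the per-event rules and correlate drop-then-execute across events."""
    findings: list[dict] = []
    dropped: dict[str, dict] = {}  # lowercase path -> file_create event
    for ev in events:
        if ev["type"] == "file_create":
            dropped[ev["path"].lower()] = ev
            if is_sfx_access_check(ev["path"]):
                findings.append({"rule": "sfx_access_check",
                                 "pid": ev["pid"], "path": ev["path"]})
            if is_lookalike_system_dir(ev["path"]):
                findings.append({"rule": "drop_in_lookalike_system_dir",
                                 "pid": ev["pid"], "path": ev["path"]})
        elif ev["type"] == "process_create":
            img = ev["image"]
            if img.lower() in dropped:  # image written earlier in this trace
                findings.append({"rule": "executes_dropped_exe",
                                 "pid": ev["pid"], "path": img,
                                 "dropper_pid": dropped[img.lower()]["pid"]})
            if is_lookalike_system_dir(img):
                findings.append({"rule": "exec_from_lookalike_system_dir",
                                 "pid": ev["pid"], "path": img})
    return findings


def rules_hit(events: Iterable[dict] = EVENTS) -> set[str]:
    """Names of the rules that fire on the given stream."""
    return {f["rule"] for f in detect(events)}


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

The drop-then-execute correlation is keyed on the full path, so it only fires when the same trace both wrote and launched the file; the lookalike rule is path-only and would fire on any process image under a non-Windows directory named system32, which is the property an EDR rule can carry over to production telemetry.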
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 100KB
MD5:      de431fe64329b3dde12f288898cba489
SHA1:     b8f1f3d0b2cc37cc4aa041046fa9ced2bc92f6ad
SHA256:   157d83991428e260d9e07c6d8679d35835d6c8c3d8ac1b5669ec10419f4e0e9f
SHA512:   b7127225c5dcd2d027158cbc11eaebaef8f674ec0ff775f6eb11bc43692ad90c52af558590131543de803f0223d66dad69c776034adddaab613299afea26e95a