Analysis

  • max time kernel: 120s
  • max time network: 19s
  • platform: windows7_x64
  • resource: win7-20241010-en
  • resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted: 21-11-2024 09:08

General

  • Target: 10d02651b6c50749154e5ae91986d131ddc5938500a962603671a5db78900349.exe
  • Size: 2.6MB
  • MD5: 5f366f7e7dd7329c581da9c15bd4aaa1
  • SHA1: 76717369a15a09c4375fd2a45aa1e45469f1720e
  • SHA256: 10d02651b6c50749154e5ae91986d131ddc5938500a962603671a5db78900349
  • SHA512: 188b7173d8c53a28ee1261cbb28ca47bdd143c39eaa4af68294d1ce4dcbaf586b8abb2c70592bf1c8bb51158502562acf3da3dd8e79e5d9e43e2948071955fa8
  • SSDEEP: 49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB4B/bSm:sxX7QnxrloE5dpUp7b/

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10d02651b6c50749154e5ae91986d131ddc5938500a962603671a5db78900349.exe
    "C:\Users\Admin\AppData\Local\Temp\10d02651b6c50749154e5ae91986d131ddc5938500a962603671a5db78900349.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1724
    • C:\IntelprocN7\abodec.exe
      C:\IntelprocN7\abodec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1852

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\IntelprocN7\abodec.exe
    Filesize: 2.6MB
    MD5: e9a9eb6ed8beb113f7be89e1e0658b71
    SHA1: 295383795f4c53b31fa542c567211da830142cd2
    SHA256: 10f1651202c5e5265105e1e9daf472ebafb8bee2c667d35b6e1457573a1f6a92
    SHA512: b429969b13922021a045affec43243019c7c46e98e3739a304e5a5a9b5c4ce238415b25442ca5d84f388b8207b49699ccc783cf81d3a91d1da2595ec55fb8b84

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 169B
    MD5: 8977223473c9ce13ee2e807d15f3657d
    SHA1: 65803a6776fcf4f21fa022be5d7143719c8ab4a7
    SHA256: 0901eaa0d0f886039dd0b639b032b776f02ab3b5b707df4e057d3cd41f6736c6
    SHA512: 375db23affdd12b2ab83f2d510533299516eec2433421f63f1bc45a0866651d16063e3649e78bad7666778c94893114271fbafe2c1395019273a6dc3a79e1fc4

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 201B
    MD5: f88d5826df2a3cbe63fe9a8486d0fb06
    SHA1: 531b3915e64d69fd596f01244e4c34af2b610575
    SHA256: 62eafc0e116ad708ac38cebc6a11b086a9a257a476a0824c9ff4ca4de8b8c96f
    SHA512: 8369a7efcb662b30b26ee3e5f90ac9bf927d10e2da4d27e44b4232cff1707bd08bd7e9896b557be036f9e99d7f2489f336534a0400b04d46cc132bca652d1b64

  • C:\Vid57\dobxec.exe
    Filesize: 1.0MB
    MD5: b5e101aba9aa6e8a09935c38292a604f
    SHA1: 237841e616408df2af91ec826d252cae466ba286
    SHA256: b37d923c791d8640002311910286873a73e0a43660cded2722ceeb69b02227a5
    SHA512: 90fee53de965480702c3d1c515fc651830e96cbd15d2eb578177df88e6f98b2646d26b1dc281ea6484849742f6b647635f5d19e4dd3048395873abb8508513e0

  • C:\Vid57\dobxec.exe
    Filesize: 2.6MB
    MD5: b3744c17dbd4470ba00e3bb63e87140d
    SHA1: a49b370268be63826cdfb67eb6db6b8a17d0c041
    SHA256: 4ad1058bb4c0e8a4becc319d9d77040b1d90d5be3156ce0fa9ab85112f520c6b
    SHA512: 446a1e81fd63895f51a08e5b5da4efce44a58fcb1a9a500ddfebab728228c79001374077ada91e8cfed53925e42bfe7ad0347afc282ab4239e73f5f60f38f8a9

  • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe
    Filesize: 2.6MB
    MD5: bd78216811e28bc112dee1b0d8a2f8fd
    SHA1: edd0f3d91a4c9663b5317dd0c507dd966441a072
    SHA256: 0715bea59cc0cbe89fe5f016a4b697863b3d48119afafe8cffc6e0a858c22fc0
    SHA512: 1c17327bf00a0794b40f6b98d7a52e6445c53d51c7ef3f6c4f413c4a1dbd77b79122927c6ce1eac61d3a4eff977d8426f57353866a159d26dbede28bdc92928b