b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45

Analysis

max time kernel
151s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04/03/2023, 15:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe
Size

5.5MB
MD5

b6f9420c6413667deb22b6ed700ab968
SHA1

4f66449b10d99f42dfbde258e2f13d05e9b4505a
SHA256

b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45
SHA512

258e66fbfcacda80121645b26b1954d7b79743cadf0eac16def4bd8d1146949070c067e57b5fcdc95fa14dc40f6a3180b433cddf214f307682a0fe5c3cff4aaf
SSDEEP

98304:Ukk97a3cZKrXsPIdRH+H4B+H10tZMTYXryB0dphVOuAezgGVxF+Z2fs9Fy:UL97tUuB0dgGVxFwFy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2784	adb.exe
1304	adb.exe

Loads dropped DLL 4 IoCs

pid	Process
2784	adb.exe
2784	adb.exe
1304	adb.exe
1304	adb.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\adb.exe	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe
File created	C:\Windows\SysWOW64\AdbWinApi.dll	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe
File created	C:\Windows\SysWOW64\AdbWinUsbApi.dll	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2056	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe
2056	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe
2056	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe
2056	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe
2056	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe
2056	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2784	2056	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe	84
PID 2056 wrote to memory of 2784	2056	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe	84
PID 2056 wrote to memory of 2784	2056	b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe	84
PID 2784 wrote to memory of 1304	2784	adb.exe	86
PID 2784 wrote to memory of 1304	2784	adb.exe	86
PID 2784 wrote to memory of 1304	2784	adb.exe	86

C:\Users\Admin\AppData\Local\Temp\b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe
"C:\Users\Admin\AppData\Local\Temp\b6d88208ffab2ea6ef39424d402b073090d7c094c2e3817a994a29503af94f45.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\SysWOW64\adb.exe
  "C:\Windows\system32\adb.exe" devices
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Windows\SysWOW64\adb.exe
    adb -L tcp:5037 fork-server server --reply-fd 596
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\AdbWinApi.dll

Filesize
95KB

MD5
ed5a809dc0024d83cbab4fb9933d598d

SHA1
0bc5a82327f8641d9287101e4cc7041af20bad57

SHA256
d60103a5e99bc9888f786ee916f5d6e45493c3247972cb053833803de7e95cf9

SHA512
1fdb74ee5912fbdd2c0cba501e998349fecfbef5f4f743c7978c38996aa7e1f38e8ac750f2dc8f84b8094de3dd6fa3f983a29f290b3fa2cdbdaed691748baf17

Download Submit
C:\Windows\SysWOW64\AdbWinApi.dll

Filesize
95KB

MD5
ed5a809dc0024d83cbab4fb9933d598d

SHA1
0bc5a82327f8641d9287101e4cc7041af20bad57

SHA256
d60103a5e99bc9888f786ee916f5d6e45493c3247972cb053833803de7e95cf9

SHA512
1fdb74ee5912fbdd2c0cba501e998349fecfbef5f4f743c7978c38996aa7e1f38e8ac750f2dc8f84b8094de3dd6fa3f983a29f290b3fa2cdbdaed691748baf17

Download Submit
C:\Windows\SysWOW64\AdbWinApi.dll

Filesize
95KB

MD5
ed5a809dc0024d83cbab4fb9933d598d

SHA1
0bc5a82327f8641d9287101e4cc7041af20bad57

SHA256
d60103a5e99bc9888f786ee916f5d6e45493c3247972cb053833803de7e95cf9

SHA512
1fdb74ee5912fbdd2c0cba501e998349fecfbef5f4f743c7978c38996aa7e1f38e8ac750f2dc8f84b8094de3dd6fa3f983a29f290b3fa2cdbdaed691748baf17

Download Submit
C:\Windows\SysWOW64\AdbWinUsbApi.dll

Filesize
61KB

MD5
0e24119daf1909e398fa1850b6112077

SHA1
293eedadb3172e756a421790d551e407457e0a8c

SHA256
25207c506d29c4e8dceb61b4bd50e8669ba26012988a43fbf26a890b1e60fc97

SHA512
9cbb26e555ab40b019a446337db58770b9a0c9c08316ff1e1909c4b6d99c00bd33522d05890870a91b4b581e20c7dce87488ab0d22fc3c4bbdd7e9b38f164b43

Download Submit
C:\Windows\SysWOW64\AdbWinUsbApi.dll

Filesize
61KB

MD5
0e24119daf1909e398fa1850b6112077

SHA1
293eedadb3172e756a421790d551e407457e0a8c

SHA256
25207c506d29c4e8dceb61b4bd50e8669ba26012988a43fbf26a890b1e60fc97

SHA512
9cbb26e555ab40b019a446337db58770b9a0c9c08316ff1e1909c4b6d99c00bd33522d05890870a91b4b581e20c7dce87488ab0d22fc3c4bbdd7e9b38f164b43

Download Submit
C:\Windows\SysWOW64\AdbWinUsbApi.dll

Filesize
61KB

MD5
0e24119daf1909e398fa1850b6112077

SHA1
293eedadb3172e756a421790d551e407457e0a8c

SHA256
25207c506d29c4e8dceb61b4bd50e8669ba26012988a43fbf26a890b1e60fc97

SHA512
9cbb26e555ab40b019a446337db58770b9a0c9c08316ff1e1909c4b6d99c00bd33522d05890870a91b4b581e20c7dce87488ab0d22fc3c4bbdd7e9b38f164b43

Download Submit
C:\Windows\SysWOW64\adb.exe

Filesize
2.5MB

MD5
c752064585ce1c47cf113fc776e0d678

SHA1
91f594bfd06ba34bdc4a0acd2b0d570da0feb7bc

SHA256
f1f654df0a74b171da34750b4ff34f15a49b75d45aed54123b72998aef619968

SHA512
08f3e8f4139294781765e822747f6f3c09370c093e259f3c0b9e07e8629a497d1720951b4c99606b3b86f5d5d15c213b1559d710bc8d00cef18f90732098647b

Download Submit
C:\Windows\SysWOW64\adb.exe

Filesize
2.5MB

MD5
c752064585ce1c47cf113fc776e0d678

SHA1
91f594bfd06ba34bdc4a0acd2b0d570da0feb7bc

SHA256
f1f654df0a74b171da34750b4ff34f15a49b75d45aed54123b72998aef619968

SHA512
08f3e8f4139294781765e822747f6f3c09370c093e259f3c0b9e07e8629a497d1720951b4c99606b3b86f5d5d15c213b1559d710bc8d00cef18f90732098647b

Download Submit
C:\Windows\SysWOW64\adb.exe

Filesize
2.5MB

MD5
c752064585ce1c47cf113fc776e0d678

SHA1
91f594bfd06ba34bdc4a0acd2b0d570da0feb7bc

SHA256
f1f654df0a74b171da34750b4ff34f15a49b75d45aed54123b72998aef619968

SHA512
08f3e8f4139294781765e822747f6f3c09370c093e259f3c0b9e07e8629a497d1720951b4c99606b3b86f5d5d15c213b1559d710bc8d00cef18f90732098647b

Download Submit
memory/2056-133-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/2056-150-0x0000000000400000-0x0000000000982000-memory.dmp

Filesize
5.5MB

Download
memory/2056-151-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download