8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
23/09/2023, 12:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
Size

2.6MB
MD5

160211bd67f9e1438f133a2be3f0b13f
SHA1

51fc4183c2f1e70f17fe8477cd9c7183b9da0534
SHA256

8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332
SHA512

0ffe99334fbae6cd233a4c4ea2fa65e96500645da1b2d808a29ce162ac3fdc3dd2a30ac8b395521ddfaee4fd708791ee5e24089797e26b2f04faa035ccc66037
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Su:+R0pI/IQlUoMPdmpSpc4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3016	adobsys.exe

Loads dropped DLL 1 IoCs

pid	Process
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrvVC\\adobsys.exe"	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBP8\\dobdevsys.exe"	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
3016	adobsys.exe
2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 3016	2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe	28
PID 2248 wrote to memory of 3016	2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe	28
PID 2248 wrote to memory of 3016	2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe	28
PID 2248 wrote to memory of 3016	2248	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe	28

C:\Users\Admin\AppData\Local\Temp\8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
"C:\Users\Admin\AppData\Local\Temp\8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2248
- C:\SysDrvVC\adobsys.exe
  C:\SysDrvVC\adobsys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\KaVBP8\dobdevsys.exe

Filesize
2.6MB

MD5
910cb61573fb811f2ed6796f0c6d8f80

SHA1
f1fb563cb5768c42c5b580d4533b7bbb7da49a1b

SHA256
babfc34036074f4039408fba2283b006f8b56be2cbd323da9c83c40826dba200

SHA512
1d17b90a227ce34a1713353e213c8af3549822b016982a924249689fd3da41235f4d62e8c0cbc51fa998b542fce18dec805bd1dc3ba74f116a8b3aa158eecbd0

Download Submit
C:\SysDrvVC\adobsys.exe

Filesize
2.6MB

MD5
ec36dfcd89151a3151464163e2e114fc

SHA1
1c87b1675a06621614ec9b1599fa0b134cf474de

SHA256
711dac1fc4dfc22319db8ac7676a59fd3972f930a7a22db45f7a2f4866be4a38

SHA512
b51041736f98db9c3537c00593d6230da5bf73cf4d70815bc53f8233cccd755275cdfd397457b38c7ff05911ce7de96850bd3898bcb13095e77f8b09a6a4767a

Download Submit
C:\SysDrvVC\adobsys.exe

Filesize
2.6MB

MD5
ec36dfcd89151a3151464163e2e114fc

SHA1
1c87b1675a06621614ec9b1599fa0b134cf474de

SHA256
711dac1fc4dfc22319db8ac7676a59fd3972f930a7a22db45f7a2f4866be4a38

SHA512
b51041736f98db9c3537c00593d6230da5bf73cf4d70815bc53f8233cccd755275cdfd397457b38c7ff05911ce7de96850bd3898bcb13095e77f8b09a6a4767a

Download Submit
C:\SysDrvVC\adobsys.exe

Filesize
2.6MB

MD5
ec36dfcd89151a3151464163e2e114fc

SHA1
1c87b1675a06621614ec9b1599fa0b134cf474de

SHA256
711dac1fc4dfc22319db8ac7676a59fd3972f930a7a22db45f7a2f4866be4a38

SHA512
b51041736f98db9c3537c00593d6230da5bf73cf4d70815bc53f8233cccd755275cdfd397457b38c7ff05911ce7de96850bd3898bcb13095e77f8b09a6a4767a

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
203B

MD5
cc031937dd51ae19205f297b413c898b

SHA1
335a6d4985d8c60aa1e960195efc2ddfcaebc22c

SHA256
21fdfb67d6d11e0d9886acc61bc9944e756f2ac02d6a179d1500b475ede0234f

SHA512
3eafa616c4bdae6e79702ed2a10241aa2513b64f0f810be9bd76fdc667cba241d5df4142c13c3413a71fcf921305e7c11129a5d80d99bebc2e1834153830fbe8

Download Submit
\SysDrvVC\adobsys.exe

Filesize
2.6MB

MD5
ec36dfcd89151a3151464163e2e114fc

SHA1
1c87b1675a06621614ec9b1599fa0b134cf474de

SHA256
711dac1fc4dfc22319db8ac7676a59fd3972f930a7a22db45f7a2f4866be4a38

SHA512
b51041736f98db9c3537c00593d6230da5bf73cf4d70815bc53f8233cccd755275cdfd397457b38c7ff05911ce7de96850bd3898bcb13095e77f8b09a6a4767a

Download Submit