Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-04-2024 06:21

General

  • Target

    37c3f42d9eedbe62c9b66dbca3abc12cf5f47a38a008cebf30c3b341a087e139.exe

  • Size

    2.7MB

  • MD5

    26ca5c12a12b97916dcc72489073dfab

  • SHA1

    5438c3151794e6a1601934773dcb2e3bd7b7686b

  • SHA256

    37c3f42d9eedbe62c9b66dbca3abc12cf5f47a38a008cebf30c3b341a087e139

  • SHA512

    2f70995483bf30a91229c6e54c0ce9d63bb0ce5a2519ca15976800f0184a91f83d7f4905e0fefc3a6f74d7606431574068e4113d9ce15729b92ec5265c0e0e61

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBa9w4Sx:+R0pI/IQlUoMPdmpSpE4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37c3f42d9eedbe62c9b66dbca3abc12cf5f47a38a008cebf30c3b341a087e139.exe
    "C:\Users\Admin\AppData\Local\Temp\37c3f42d9eedbe62c9b66dbca3abc12cf5f47a38a008cebf30c3b341a087e139.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\AdobeMM\xbodec.exe
      C:\AdobeMM\xbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3808
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5248 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4532

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\AdobeMM\xbodec.exe

      Filesize

      2.7MB

      MD5

      ec004de48573e68dcaf3fd4a938479b0

      SHA1

      4eef49a6ec4bc15cb0b31659b1fac8e4af155943

      SHA256

      0cdd58edc81d49cc5a214fcc0bde177f93fac422aad014dad8eec7045bd05dd6

      SHA512

      85cc8fbc4a4fcccde693c15274f51dea87451eb6b6776a3d3b1bce3ac1202aee0111d7e7ec45999f2edc8edce33ca9daec5c1f6ac8ee1114b0ce6b644c4685b1

    • C:\Users\Admin\253086396416_10.0_Admin.ini

      Filesize

      199B

      MD5

      7a7fc983be635cca4d8be5d40f6c6674

      SHA1

      09448fb56248ceb54bc4fe1e22c3668f46ae31dd

      SHA256

      dbe08c8bf1411c9b5da8295249b54d6fe7e7ca98bb5b9735899b1527695f356f

      SHA512

      3f76ec26a3a517148f3ecb1fe13208350c0502346a64b0c7a4059049b6a17ba99651bdcc3484a3963effca9a0f53fa09d4f9fbd575bfa09d3efbbc21713bd7c8

    • C:\VidB9\optiasys.exe

      Filesize

      2.7MB

      MD5

      476966823a6d8b60d06a623581ee5385

      SHA1

      096faf0f8f491452b2f6906a4947145b0b374420

      SHA256

      e9d960c02792243dd457df6508354a5c73747567d231459a9842de8aea0b25e9

      SHA512

      7aa0423c6263ab00565d8d82522682b1b57cc844d892d004db5dc38be0f0fa25293d6acdd7a0da3557250f296be3272070dde352d888d8743946cad906d765ee