Overview

overview

7

Static

static

3

166fc2e0d8...4a.exe

windows7-x64

7

166fc2e0d8...4a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    13/05/2024, 18:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    166fc2e0d819347172df8fc7a1716ea2939f39907de79878de2a7e69a21e314a.exe

  • Size

    2.7MB

  • MD5

    0f1549d34feaa6a20c411e205df2ac28

  • SHA1

    e01eee6eb17961f5ee4d5f07667014072bd09452

  • SHA256

    166fc2e0d819347172df8fc7a1716ea2939f39907de79878de2a7e69a21e314a

  • SHA512

    728f1df304b76320fd16090e239e5ac12a708a8cb816208af556b771a60ee8a4d236896129e64f88bb9725e57a6e0a72520f48027356d0f210859d7fa997e382

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4Sx:+R0pI/IQlUoMPdmpSpH4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\166fc2e0d819347172df8fc7a1716ea2939f39907de79878de2a7e69a21e314a.exe
    "C:\Users\Admin\AppData\Local\Temp\166fc2e0d819347172df8fc7a1716ea2939f39907de79878de2a7e69a21e314a.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\AdobeY8\adobec.exe
      C:\AdobeY8\adobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxV4\optiaec.exe
    Filesize

    2.7MB

    MD5

    7fb3aa93a8ed965aab9859052d8f2cf5

    SHA1

    02e1081529e187b80f09ec1a451b8f7409e13a5c

    SHA256

    b25ec76b02381e24f67e14f5a55f3eeaaca52e70e38f614a8b53f1732cf505ec

    SHA512

    335398a174b9bd4d33d60030d29e29fb7448508c1f99807445777380d2c103f4f5f3e76fbda9e15fe00f747c018bb57b788f31f835397eea317fc0f278a1b8eb

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    0d24b9b9e6790b1d429288f7f8ec656a

    SHA1

    9384d4b341ec47e6e7b0ebbff6be41f255742b0c

    SHA256

    84b5ca1de418e883ea796e36741cd889ff1bbe656e765020956ccef79a676103

    SHA512

    ae9dd6ed81fb4f4934c656d8a8bc8f8492edad8fad0b38c84bc0ff462522717129d134a6204905014e3b36e4103fcb6a8c37a0347cee7a3559049b87751bfa46

    Download Submit

  • \AdobeY8\adobec.exe
    Filesize

    2.7MB

    MD5

    406c5aec286b8e5bc4dce1fdf33cd8cb

    SHA1

    a6bd337f50868a489ad9b8b8828a761a46bdb2d2

    SHA256

    a8b9773987827cc6954bfa317dc663961127b912bbaabfbe9e462893303e80dd

    SHA512

    39471f9b5033445fdae8d9f675e6648c90eb05322a46fb3091c45914bf5eabaae9e75bf3dc1262428274e70cf640b471392325127295254ca606ff190bb916de

    Download Submit