Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-05-2024 20:30

General

  • Target

    37c47da4a6761c05f2ca9a30006a28e779397cd5d8dc60cbc79922f228be906d.exe

  • Size

    2.7MB

  • MD5

    473687945f9652b1b177759053b42fc6

  • SHA1

    6496838a1411be7c54e5438e26ccc8dffca77f9c

  • SHA256

    37c47da4a6761c05f2ca9a30006a28e779397cd5d8dc60cbc79922f228be906d

  • SHA512

    cbdac78f0291c67729bca668831e9180c9a488d6b3e1b5f97be792ab11a432763516b8e8d27f815a17d283fdff666173af14c860516e6509c1c28ea257549dfd

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBs9w4Sx:+R0pI/IQlUoMPdmpSpa4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37c47da4a6761c05f2ca9a30006a28e779397cd5d8dc60cbc79922f228be906d.exe (PID 344, tree level 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\37c47da4a6761c05f2ca9a30006a28e779397cd5d8dc60cbc79922f228be906d.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\AdobeG9\xoptiec.exe (PID 720, tree level 2, child of PID 344)
      Command line: C:\AdobeG9\xoptiec.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
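
The tree above is the chain the signatures fire on: a binary running from the user's Temp folder writes xoptiec.exe into a root-level folder (C:\AdobeG9), registers a Run key, and launches the drop as PID 720. The Python below is an added example, not part of the sandbox report, showing how that chain can be detected from endpoint telemetry. The two image paths and the PIDs are taken from the report; the event records themselves, their Sysmon-style field names, and the Run key value name are constructed for illustration (the report says a Run key was added but does not state which key or value).

```python
"""Flag the drop-persist-execute chain from the report's process tree.

Added example. Input records are constructed Sysmon-style events (ID 1 =
ProcessCreate, ID 13 = RegistryEvent SetValue); only the paths and PIDs
come from the report.
"""
import re
from typing import Dict, List

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\37c47da4a6761c05f2ca9a30006a28e779397cd5d8dc60cbc79922f228be906d.exe"
DROPPED = r"C:\AdobeG9\xoptiec.exe"

# Constructed events (not the report's raw telemetry). The Run key value
# name "xoptiec" is an assumption; the report only says a Run key was added.
EVENTS: List[Dict] = [
    {"id": 1, "pid": 344, "ppid": 4000, "image": SAMPLE,
     "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 13, "pid": 344, "image": SAMPLE,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\xoptiec",
     "details": DROPPED},
    {"id": 1, "pid": 720, "ppid": 344, "image": DROPPED, "parent_image": SAMPLE},
]

TEMP_DIR = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Top-level folders where executables normally live. Anything else directly
# under C:\ (C:\AdobeG9 and C:\KaVBJV in this report) is treated as suspicious.
STANDARD_ROOTS = {"windows", "program files", "program files (x86)", "programdata", "users"}


def is_nonstandard_root_exe(path: str) -> bool:
    """True for C:\\<folder>\\<file>.exe where <folder> is not a standard root."""
    parts = path.split("\\")
    return (len(parts) == 3
            and parts[0].lower() == "c:"
            and parts[1].lower() not in STANDARD_ROOTS
            and parts[2].lower().endswith(".exe"))


def analyze(events: List[Dict]) -> List[str]:
    """Return one finding per suspicious event, plus a correlated finding when
    the executed drop is also the Run key target."""
    findings: List[str] = []
    run_targets: Dict[str, str] = {}  # lowercase value data -> key path

    for e in events:
        if e["id"] == 13 and RUN_KEY.search(e["target"]):
            data = e["details"].strip('"').lower()
            run_targets[data] = e["target"]
            findings.append(f"persistence: PID {e['pid']} set {e['target']} -> {e['details']}")
        elif e["id"] == 1:
            # Parent in the user's Temp folder launching an EXE from an odd root folder
            if TEMP_DIR.match(e["parent_image"]) and is_nonstandard_root_exe(e["image"]):
                findings.append(f"execution: PID {e['ppid']} (Temp) launched dropped EXE "
                                f"{e['image']} as PID {e['pid']}")
                if e["image"].lower() in run_targets:
                    findings.append(f"correlated: {e['image']} is both executed and the "
                                    f"Run key target {run_targets[e['image'].lower()]}")
    return findings


if __name__ == "__main__":
    for line in analyze(EVENTS):
        print(line)
```

Run against real telemetry, the root-folder check is what survives a re-drop: both the submitted sample and the dropped xoptiec.exe are 2.7MB with different hashes, so a path and parent-child rule catches what a hash list would miss.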

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\AdobeG9\xoptiec.exe

    Filesize

    2.7MB

    MD5

    68516943e19a56700e50b64305448b77

    SHA1

    6104363af12c203e2739afacd58718f579ccc543

    SHA256

    a6a76b7f8bc1e102e927e1dce8592c7435ca55feaa9031080e47f8ed0dac23d1

    SHA512

    cd36f8dd5426056cd612cbb1b6d641818676412007959aa686894ed01f7f9f1abdc12dedf574631e1cea637785d22890437054173b1f4c329ab1a502e2cb9437

  • C:\KaVBJV\dobxloc.exe

    Filesize

    33KB

    MD5

    140ecac8a21241b7cf801ac9571366ae

    SHA1

    f086b245b98d0c7be0bf1e9330595aef115d9809

    SHA256

    f4c510037c5a5574c1e47e524d2e0cfcd6278aca8d11aacad48d09c0e93b1b48

    SHA512

    5f0b91f1bdcfa5de7ec3efd305a2170705e163bc473186b86b6758cee079a47e99f7c40b3fc5c74caf5e6e6a0afdbee8024d61418eba1ecf781a6ec65c26b10c

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    200B

    MD5

    575e9157eac72f16dab4a76244d58848

    SHA1

    8b8a49c0bec3b5b0a8550ebc959773bfa539227c

    SHA256

    6f9645da071114ab497efea093c793acde71b01b839f6909fed779891cb17ec0

    SHA512

    eee49fee3683db0a1a86c1580c4dbb076062ffaecb9e2a30217c3afc7ea05633afc38a4374a5784264210252927dbc1806f67f3aec1a00909693e2409e126d0c
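
The file hashes above are the report's file-level IoCs. The Python below is an added example, not part of the sandbox output, that turns them into a hash-sweep for a host: it indexes every MD5/SHA1/SHA256 from the Target and Downloads sections and matches local files against them in a single read per file. The digests are copied verbatim from the report; the scanning code and the command-line wrapper are assumptions for illustration.

```python
"""Sweep files against the hash IoCs listed in this report.

Added example. REPORT_IOCS is copied from the report's Target and Downloads
sections; everything else is generic scanning code.
"""
import hashlib
import sys
from pathlib import Path
from typing import Dict, Iterable, Optional

REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "submitted sample": {
        "md5": "473687945f9652b1b177759053b42fc6",
        "sha1": "6496838a1411be7c54e5438e26ccc8dffca77f9c",
        "sha256": "37c47da4a6761c05f2ca9a30006a28e779397cd5d8dc60cbc79922f228be906d",
    },
    r"C:\AdobeG9\xoptiec.exe": {
        "md5": "68516943e19a56700e50b64305448b77",
        "sha1": "6104363af12c203e2739afacd58718f579ccc543",
        "sha256": "a6a76b7f8bc1e102e927e1dce8592c7435ca55feaa9031080e47f8ed0dac23d1",
    },
    r"C:\KaVBJV\dobxloc.exe": {
        "md5": "140ecac8a21241b7cf801ac9571366ae",
        "sha1": "f086b245b98d0c7be0bf1e9330595aef115d9809",
        "sha256": "f4c510037c5a5574c1e47e524d2e0cfcd6278aca8d11aacad48d09c0e93b1b48",
    },
    r"C:\Users\Admin\253086396416_10.0_Admin.ini": {
        "md5": "575e9157eac72f16dab4a76244d58848",
        "sha1": "8b8a49c0bec3b5b0a8550ebc959773bfa539227c",
        "sha256": "6f9645da071114ab497efea093c793acde71b01b839f6909fed779891cb17ec0",
    },
}

# Inverted index: any single known digest -> IoC name, so a feed that only
# carries MD5 or only SHA256 still produces a match.
DIGEST_INDEX: Dict[str, str] = {
    d.lower(): name for name, algs in REPORT_IOCS.items() for d in algs.values()
}


def digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute md5, sha1 and sha256 over a stream of chunks in one pass."""
    hashers = {a: hashlib.new(a) for a in ("md5", "sha1", "sha256")}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hash_file(path: Path, chunk: int = 1 << 20) -> Dict[str, str]:
    """Hash a file without loading it fully into memory (2.7MB drops are fine,
    but the same code handles multi-GB files)."""
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk), b""))


def match_iocs(digests: Dict[str, str]) -> Optional[str]:
    """Return the IoC name if any supplied digest is in the report, else None."""
    for d in digests.values():
        hit = DIGEST_INDEX.get(d.lower())
        if hit:
            return hit
    return None


def scan(paths: Iterable[Path]) -> Dict[str, str]:
    """Map each matching file path to the IoC it corresponds to."""
    hits: Dict[str, str] = {}
    for p in map(Path, paths):
        if p.is_file():
            name = match_iocs(hash_file(p))
            if name:
                hits[str(p)] = name
    return hits


if __name__ == "__main__":
    # Assumed usage: python sweep.py <file-or-files>
    for path, ioc in scan(sys.argv[1:]).items():
        print(f"{path}: matches {ioc}")
```

Note the limitation visible in the report itself: the dropped xoptiec.exe is the same 2.7MB as the submitted sample but carries different hashes, so a copy re-dropped on another host will not match this list. Use the hash sweep to confirm a known infection, and rely on the path and process-tree behaviour in the Processes section to find variants.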