Overview

overview

7

Static

static

3

9b6be82be5...1e.exe

windows7-x64

7

9b6be82be5...1e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b6be82be5b993a2d72a8be7a64ec19f3fd7d69a7bcfec967636ba22d6fe511e.exe

  • Size

    2.7MB

  • MD5

    051265d04d5c4626c40c62591cefff1b

  • SHA1

    5108848cae5f15ad42acf930d27cac27a14f6999

  • SHA256

    9b6be82be5b993a2d72a8be7a64ec19f3fd7d69a7bcfec967636ba22d6fe511e

  • SHA512

    b64b571aaab1641d02fba83b1388e26ff705d873c5e902ea1325b3fc98c7a816b54b59a9f8503505e2f0a40c49e01886ab003983e2c89d0373afb2a878e3773e

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4Sx:+R0pI/IQlUoMPdmpSpj4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b6be82be5b993a2d72a8be7a64ec19f3fd7d69a7bcfec967636ba22d6fe511e.exe
    "C:\Users\Admin\AppData\Local\Temp\9b6be82be5b993a2d72a8be7a64ec19f3fd7d69a7bcfec967636ba22d6fe511e.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Adobe5O\abodloc.exe
      C:\Adobe5O\abodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:648
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1960,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:8
    1⤵
      PID:4388

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Adobe5O\abodloc.exe
      Filesize

      2.7MB

      MD5

      791bed1f1d9d215731803fd3eeea0255

      SHA1

      2d6ca49628a62c10d03a72d1514fa4f3ca68bc2a

      SHA256

      9ed56bc6994a6d09c87d906f3969ff97c76cdafe39dced71d7747ecdeaa1bb3c

      SHA512

      5c8c7417c3ab8aca008778517671a20d1551d6fc7e7c5659fe47713bde4e0ff79284ed4242345220131eb2c1c6787de855d97d84d0d8da47e7e55b9e52c8956b

      Download Submit

    • C:\LabZ2P\bodaloc.exe
      Filesize

      2.7MB

      MD5

      1626870df57d1c63bbc406179d675255

      SHA1

      4e1d4e2a060fc2a43bedaec3655f8713db4e174c

      SHA256

      d05eb7c92ef5bb22350927ab722ac17413697fe8da21085a1f416a2ef37bb614

      SHA512

      38588ca0501c17e1d0ef04b12d6e798aeba6ee10ceed671cd39ef0cf07f457d3b93e6a66ff3b8da6145247d6d5858970db34c6c3c9d1f4f56f340e1fe9a1dde6

      Download Submit

    • C:\Users\Admin\253086396416_10.0_Admin.ini
      Filesize

      203B

      MD5

      6f8cd4a91cf0acd9b4bc064b7fe39464

      SHA1

      2911314738c75f3bc4514e5e38dcae476f3b2c72

      SHA256

      53c338dbd37d0c2045cded82412030d7b3fb87bf1599ab5fca817c3c976b4cd8

      SHA512

      20c06043d6d3ff4c63364821670db3b0373d534b1c838ef7b5fe9f8c0d628c256233a96effd55ff8865b784e22cab0d43a3ed066a3ece363f088ff7ba8cabfc1

      Download Submit