Overview

overview

7

Static

static

3

bd4e3b5bab...58.exe

windows7-x64

7

bd4e3b5bab...58.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 02:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd4e3b5bab2e6418e701ab52535bd2e87614bdef9fd56035bfbb6c1b84caaa58.exe

  • Size

    2.7MB

  • MD5

    5d89ae3cd6222d228c977547475f9c89

  • SHA1

    f583bd60397bc5d6f24f011cf2937e2289fb7f6a

  • SHA256

    bd4e3b5bab2e6418e701ab52535bd2e87614bdef9fd56035bfbb6c1b84caaa58

  • SHA512

    4844606c204e258d68e83192e35e5abc147bbd31f4e2d027377d3b909891404936e025f0ba1cce02a0664d2ca5368bd4378b04c5b4428486a4b44386661ca240

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB29w4Sx:+R0pI/IQlUoMPdmpSpI4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd4e3b5bab2e6418e701ab52535bd2e87614bdef9fd56035bfbb6c1b84caaa58.exe
    "C:\Users\Admin\AppData\Local\Temp\bd4e3b5bab2e6418e701ab52535bd2e87614bdef9fd56035bfbb6c1b84caaa58.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\AdobeWD\devoptiloc.exe
      C:\AdobeWD\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\AdobeWD\devoptiloc.exe
    Filesize

    2.7MB

    MD5

    1a252c57f7fe3e13eb46531fda10c085

    SHA1

    37ef9e0d8ec415dcad521820eb4de55e7d49eee4

    SHA256

    1467fabbf3bec52e86ac9389c023e380a6f0b7b9d83c3047480afa495c37d330

    SHA512

    7d4cbef5e211d9a73f8841ebac858a1a41d1c6ed932e4f7995f38413c81e42cd38a2b95234bdf90ca28c98b3a89f1bbeb175999b2e7a88a8c3c4c8288fba01e6

    Download Submit
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    3e4c0212a26b2278c7d38b4dd242d595

    SHA1

    0eb088f65ee83fd9bb41f929038282067ac5b278

    SHA256

    6a53f5847c4a522307b47a2149a9764549fdb5b355507dc8610639a43ec8f476

    SHA512

    bce608c4d7c00eb37229a06782937b8c79be054f3bab4ad6e421191628b66760bbe4f1ccc5e32ff8f485e8ebd5de5537cdfc481b62499bfe768dac3f565d20d6

    Download Submit
  • C:\VidO0\optixec.exe
    Filesize

    2.7MB

    MD5

    4f09f4641469b3e8151cf90b798ba14b

    SHA1

    c9e70c2c9301f18e258c288cbcd774eb3c406f62

    SHA256

    a9800c39a8550c7012893e5e12a17d2cc439814b90e09bea440f1b1b4169543b

    SHA512

    c98c9e0b2219ed35803ad196d3fb99ef04ad20d142e95136d342e45bfa7ac8b8585c06b9f40f390e46c95641f590a5e148246f1c3d7553b7edf464e7f85299b5

    Download Submit