Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-05-2024 02:35

General

  • Target

    bd560551f6ee7ad48ad2c0f3200be31e817530249c58ef546b9e7ad1a217eed5.exe

  • Size

    2.7MB

  • MD5

    ba8da79ff4c0f57018fd29846eed383a

  • SHA1

    be836b2d51d2e96aea4635bca73c3afa297d4def

  • SHA256

    bd560551f6ee7ad48ad2c0f3200be31e817530249c58ef546b9e7ad1a217eed5

  • SHA512

    6c8c75e214b9bac0292481e53d3b401599ea9187cf2baa58b0f27ebaa76d12249892473d4e6afefb494314deba824db8917844deacd7a6d40d09ca32081df239

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBa9w4Sx:+R0pI/IQlUoMPdmpSpM4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd560551f6ee7ad48ad2c0f3200be31e817530249c58ef546b9e7ad1a217eed5.exe
    "C:\Users\Admin\AppData\Local\Temp\bd560551f6ee7ad48ad2c0f3200be31e817530249c58ef546b9e7ad1a217eed5.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\AdobeLN\devdobec.exe
      C:\AdobeLN\devdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4680

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeLN\devdobec.exe
    Filesize

    2.7MB

    MD5

    32f2802ab83b047a73dd380de039f51f

    SHA1

    c333604a0ed91cf13a41bd622005c9557e4b0774

    SHA256

    fb8d951f138f6a0e864d44244fd8f6165765e8e69b50ede5de64bd4fb16c85ed

    SHA512

    e149d51e0cdcc5a57eaba0d1fe5ac1743a3c53a5d3a14ebd77b642c28d9abd65a6badb1cd9011b21ec5538d3f9a434d9cd2e4a1848c111523305c2050728e072

  • C:\MintCX\optidevloc.exe
    Filesize

    8KB

    MD5

    b12a7a76f55cb7a71f78c93f1d348bb0

    SHA1

    c047d6340865e6eee54449c0ab23352a7a6b8951

    SHA256

    2d0afc4be8be11cf8dc53be35f043330cbe65e48539c27ec895df91a31bc8288

    SHA512

    698d2bc59711947b99010410bc141e75352fad07e034b06a63d4a4294fde28d7b9210824d23eaaf09ab36b16777ec43af70450b97b22e6753cff86d5c1450f17

  • C:\MintCX\optidevloc.exe
    Filesize

    2.7MB

    MD5

    b6febed613f897b79284c47c858abb4f

    SHA1

    698863660fe421518d119795df4dd0f0b2178285

    SHA256

    a6a723a2c0c21e9c6f773085510f198c8a3754bdd04b4468097a5d205f720ec9

    SHA512

    90ac1f56b7b2075c5b8aeb6fa7b98f55f29f4eda734d43bbc8ce389a30ef6da85044e6e03f71cfa685d4b24f795ed585260629aaee473c8e7c83aaf43e4d3761

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    7334cfbba7f9b27b50982edf91355e0c

    SHA1

    5cc809ef9bb31866e5e9f5095168250028f42920

    SHA256

    81a93dc855450bad5a362a01e861f95f1a2562e55207ed4172b610d128522ae0

    SHA512

    6fc3b294a8dc2a7338696864adf37273c96b1926ce0572d5623b04c01a0afd8dcb5fb470198ed52611e84c548d4a365c570527b2d4139e37c12cbbdfc5d5f052