Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-05-2024 02:13

General

  • Target

    b5ec6296b7fd628cd5a75109e1ea331dd8fa85482204ee33f1f30893aab97550.exe

  • Size

    2.7MB

  • MD5

    4773d2565c551c8d4cb391cafa42cabc

  • SHA1

    96d6682e1bfbe6ff0cabb3d2f16577e392647fcf

  • SHA256

    b5ec6296b7fd628cd5a75109e1ea331dd8fa85482204ee33f1f30893aab97550

  • SHA512

    81c8157e61fec86d2eb525ea622ff6065c1574c6e63e0a549961a7d6a3be4216090894302282c1bf5a6ed0239a443cd449f31312b46d63561148ec53cf8bb43d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB99w4Sx:+R0pI/IQlUoMPdmpSpR4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5ec6296b7fd628cd5a75109e1ea331dd8fa85482204ee33f1f30893aab97550.exe
    "C:\Users\Admin\AppData\Local\Temp\b5ec6296b7fd628cd5a75109e1ea331dd8fa85482204ee33f1f30893aab97550.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4296
    • C:\IntelprocUU\adobloc.exe
      C:\IntelprocUU\adobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4916
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3916 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4684

Network

MITRE ATT&CK Enterprise v15


Downloads

    • C:\IntelprocUU\adobloc.exe
      Filesize

      2.7MB

      MD5

      9ac6ce9a74808d786ec80c5375fe0ed8

      SHA1

      b48c50105fa233e36aefa13ccaf09b1671cbe0e8

      SHA256

      63c6279a5915b0e938c6f4cfcc39461b8ada3bf95e87a40e6e47619e952dff34

      SHA512

      1ba129e44f26d48799a92d2117f655916d157c8c101c9285d7f841bba0a03f6cba97692dc4e15d9076c6e565ad15fb1e128fbd0416e024b49806b23ea29f59a0

    • C:\MintHD\optixec.exe
      Filesize

      2.7MB

      MD5

      729aaff4c72814c89bb635fa1e5156e6

      SHA1

      52e8af8d0f393548867fdc0e32ac4857d1961ef8

      SHA256

      d2a6b99a59eccc207df803094e5ca2560b026a70d89e9e776d9c7d64a1f1773a

      SHA512

      9d9ad5634d1e3c948e5f69eea6b1852292b84a6fd101401da98ece8a8c6f80e0452217ed02b446db413e3a6f5daf54420cd4ca8cc54c48b7a3078073d63c88b5

    • C:\Users\Admin\253086396416_10.0_Admin.ini
      Filesize

      205B

      MD5

      51bcd9333a2c4184ad4985f6a807f8ca

      SHA1

      536fbfef619c6b6539bd5da43f74fb7aea93d7bc

      SHA256

      17fa50b80b197a48e9983229a4bbb051c0dd387b0c21e361d988bd430523b451

      SHA512

      e3c3c6f6bd0244b0a78f6c2ca93f78f970f3a8b6374525138e19398707111421c68639f8c718e540852be270e7b0988de566b30f3e356e085244ccc74a4c5b0f
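The hashes and paths above, turned into a host-side check. This is an added example written for this page, not output or tooling from the Triage report; the function names, the constructed sample inputs and the .ini naming regex are assumptions. Two points from the report shape it: the dropped executables are the same 2.7MB as the submitted sample but carry different hashes, so a hash-only match on the dropped copies may not carry over to another run, and the report records that a Run key was written but not the value name, so the Run-key check matches on where the image lives (C:\IntelprocUU, C:\MintHD) rather than on a name.

```python
import hashlib
import re
from pathlib import PureWindowsPath

# Indicators copied from this report. Paths are stored lower-cased for matching.
SAMPLE_SHA256 = "b5ec6296b7fd628cd5a75109e1ea331dd8fa85482204ee33f1f30893aab97550"
DROPPED_FILES = {
    "c:\\intelprocuu\\adobloc.exe": {
        "md5": "9ac6ce9a74808d786ec80c5375fe0ed8",
        "sha1": "b48c50105fa233e36aefa13ccaf09b1671cbe0e8",
        "sha256": "63c6279a5915b0e938c6f4cfcc39461b8ada3bf95e87a40e6e47619e952dff34",
    },
    "c:\\minthd\\optixec.exe": {
        "md5": "729aaff4c72814c89bb635fa1e5156e6",
        "sha1": "52e8af8d0f393548867fdc0e32ac4857d1961ef8",
        "sha256": "d2a6b99a59eccc207df803094e5ca2560b026a70d89e9e776d9c7d64a1f1773a",
    },
}
# Directories the dropper created (taken from the Downloads paths).
DROP_DIRS = ("c:\\intelprocuu\\", "c:\\minthd\\")
# Assumption: "253086396416_10.0_Admin.ini" embeds a numeric ID, the OS version and
# the user name, so on another host only the shape of the name is stable.
INI_NAME_RE = re.compile(r"^\d+_10\.0_[^\\]+\.ini$", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's contents, in the form the report prints them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def check_file(path: str, data: bytes) -> list:
    """Reasons a file matches the report: hash, known path, drop directory, .ini name."""
    p = PureWindowsPath(path)
    key = str(p).lower()
    digests = hash_bytes(data)
    hits = []
    if digests["sha256"] == SAMPLE_SHA256:
        hits.append("sha256 matches the submitted sample")
    if key in DROPPED_FILES:
        same = DROPPED_FILES[key]["sha256"] == digests["sha256"]
        hits.append("hash matches dropped file" if same
                    else "path matches dropped file (hash differs)")
    elif key.startswith(DROP_DIRS):
        hits.append("file under a dropper directory")
    parts = p.parts
    if len(parts) == 4 and parts[1].lower() == "users" and INI_NAME_RE.match(parts[3]):
        hits.append("user-profile .ini name matches dropper pattern")
    return hits


def image_from_command(cmd: str) -> str:
    """First token of a Run-key command line, honouring a quoted image path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def flag_run_entries(entries: dict) -> list:
    """Run-key value names whose image lives in a dropper directory.
    `entries` is {value_name: command} as read from ...\\CurrentVersion\\Run."""
    return [name for name, cmd in entries.items()
            if image_from_command(cmd).lower().startswith(DROP_DIRS)]


def flag_process_events(events: list) -> list:
    """Process-creation records (constructed dicts with 'image' and 'parent_image')
    whose image was launched from a dropper directory: the host-side view of the
    'Executes dropped EXE' signature."""
    return [e for e in events if e["image"].lower().startswith(DROP_DIRS)]


if __name__ == "__main__":
    # Constructed inputs shaped after the report's process tree and dropped paths.
    print(check_file(r"C:\IntelprocUU\adobloc.exe", b""))
    print(flag_run_entries({
        "adobloc": r'"C:\IntelprocUU\adobloc.exe"',
        "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    }))
    print(flag_process_events([
        {"parent_image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe",
         "image": r"C:\IntelprocUU\adobloc.exe"},
        {"parent_image": r"C:\Windows\explorer.exe",
         "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"},
    ]))
```

On a live host the inputs come from a filesystem walk, a Run-key enumeration and the process-creation log; the functions are kept free of Windows API calls so the matching logic can be exercised anywhere.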