Overview

overview

7

Static

static

3

bacdfc23cd...97.exe

windows7-x64

7

bacdfc23cd...97.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 02:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bacdfc23cd441e75db7bcf8c60a311dede024ff9e081914ae29c9d8cd3ecb497.exe

  • Size

    2.7MB

  • MD5

    1e82ef583d875429e3022dc9e16fbfef

  • SHA1

    d7e31fe9dd2806796078355e88c19b759e4b288c

  • SHA256

    bacdfc23cd441e75db7bcf8c60a311dede024ff9e081914ae29c9d8cd3ecb497

  • SHA512

    6f2dca48899851efce3d79bbd5d522eeb08a1218c5c9f6eeb72118dbda5dbd17860d8519e5eed7b64911badafd6d6dd6f41c1b199eefb352cdcbfc4b7c3af3f8

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBM9w4Sx:+R0pI/IQlUoMPdmpSpi4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bacdfc23cd441e75db7bcf8c60a311dede024ff9e081914ae29c9d8cd3ecb497.exe
    "C:\Users\Admin\AppData\Local\Temp\bacdfc23cd441e75db7bcf8c60a311dede024ff9e081914ae29c9d8cd3ecb497.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5796
    • C:\Adobe7A\devdobsys.exe
      C:\Adobe7A\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:5212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Adobe7A\devdobsys.exe
    Filesize

    2.7MB

    MD5

    08754fad707366173a3f08bff381f361

    SHA1

    28337187f1d58709cd1edcfcb8aa4fafd82c6392

    SHA256

    a669d0d717f19e34ef21a1b707dfe05b2d581cab5b97f1e9fb82bf0303bae709

    SHA512

    4cd80ac2bf58e284872436349a128447ecf6285af7a75fa5e771f88a117b5fe976b69d6d52387e8044f7b5bac635d94851bbef6d515281aaa0744567f82a8e5f

    Download Submit
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    2ed8d260793c5dc48ed1c881ef45fd15

    SHA1

    852137d9a345a61c979c694a4d69b93be9aff6a5

    SHA256

    7099d288198a6964564cadf91380b6729c33b8449daea3b26454517e6813d224

    SHA512

    97560b069939a07d51476277585468d48beaca9fe52530056bed88ae6f64704bab8ad65f2b4204af69d9a10c758cf40a84a06e83160bd49c47d023d5236aaf19

    Download Submit
  • C:\Vid62\boddevsys.exe
    Filesize

    2.7MB

    MD5

    36f2385ac14136d9d2795ac6cfd97e1a

    SHA1

    9f4b719a50f899f813316e560915ff15f109189e

    SHA256

    9d110f2d6e2f4e996f8e9b911ea72ee6f06e595ce8258a85cc0c093012ed03bb

    SHA512

    0f82210bc6beae1fa0630bd294ddb7384238d821111bb0de5f8749b046cb1f7030445e05e2ad6f623ff821e02a04e7ab43d28e5b5894b371aa25014feff4079f

    Download Submit