Analysis

  • max time kernel: 149s
  • max time network: 102s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 24-05-2024 03:43

General

  • Target: ca14e9a0e86dd792b300cca4d949bbf02d281801a8ebf8bc8ce90c0a912fd78e.exe
  • Size: 2.7MB
  • MD5: 273e642d4691f49f50fa86fb22dd37dc
  • SHA1: cc1a05ad460a2468866c039c823c1a0ad05287b2
  • SHA256: ca14e9a0e86dd792b300cca4d949bbf02d281801a8ebf8bc8ce90c0a912fd78e
  • SHA512: 08f954cb4adcfa38c31e705a86cf69c9819bdedb0c81e855b51d435da2febc5f0d6e47d02855c49c2c96932b79875b5d0ad2bc226bac0411979a4274d4750d62
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBp9w4Sx:+R0pI/IQlUoMPdmpSpp4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca14e9a0e86dd792b300cca4d949bbf02d281801a8ebf8bc8ce90c0a912fd78e.exe (PID 2724, process tree depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\ca14e9a0e86dd792b300cca4d949bbf02d281801a8ebf8bc8ce90c0a912fd78e.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • Child process: C:\AdobeGD\adobsys.exe (PID 1952, process tree depth 2)
      Command line: C:\AdobeGD\adobsys.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeGD\adobsys.exe
    Filesize: 2.7MB
    MD5: da660db5713bdc29afb1554fc7267fc9
    SHA1: acd4df641ab2f74a1bc00f772d6a559a77c4ef58
    SHA256: 3cd12b65f87a650866f7188bdb0bb54ac7052a1d06150a22528dab93febc8a51
    SHA512: 96a2898cebcd1c8c28bb1c7b38757347a38f8330c35dd6f0b4b80b9ec0d56f198f7605948ed064be4fd034b2581e49afac2abed6180738feca3b6de99279ad00

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 199B
    MD5: 620fe0900427e4b3c99c20ee40872f10
    SHA1: dc0b37972e4e16eba2f2c79e8f2cbe6407a7dfc9
    SHA256: 06f4b63555b1a7f9cb8db6ff15c457dddbb87e56598ce77ac443bf93b53b7fde
    SHA512: 2764a61c0d1db1ced833b29158be6bf607e29762d5f3cad9087e397c68fd96c4cf1eff4366427c0032bee5965927a19c12cdadb79e4f4d51fccaa9dfb56db65a

  • C:\VidYY\bodxec.exe
    Filesize: 2.7MB
    MD5: 0eedd9105e5275ddb3a954ae32824e46
    SHA1: 400a18d32897ae11128b3143ef9c6a4080c7eef3
    SHA256: d2dc5ad9328d5577a182c7cc6e3d8375a90626806628a4363da21894cddeeebe
    SHA512: 7e511c75f62e36b75057df3d1ece997f214f577fc965a08e3e1b222542ba384326e40fa6c7034c62df5b576d3aefc03d9e23b5ac1d7b1600e339e306a8846384