Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-05-2024 02:56

General

  • Target
    c3a88557fe28bcdaa1191d3b4e58b62789052c3fd3f66c5705015fbbca3d9692.exe
  • Size
    4.1MB
  • MD5
    9fc12f85b24abda226dc964a844c357d
  • SHA1
    aa28ccf6d4397c43c728439de3c4e204f6b48eda
  • SHA256
    c3a88557fe28bcdaa1191d3b4e58b62789052c3fd3f66c5705015fbbca3d9692
  • SHA512
    0b895f2fd889696d0d609adb990a5493c67d72be2891e8cc24144dff489c1974e406c2d0cb36ff3637e9986cbc14a23c0f99f30eca359843d3e93945daffb5b8
  • SSDEEP
    98304:+R0pI/IQlUoMPdmpSpK4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdml5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3a88557fe28bcdaa1191d3b4e58b62789052c3fd3f66c5705015fbbca3d9692.exe
    "C:\Users\Admin\AppData\Local\Temp\c3a88557fe28bcdaa1191d3b4e58b62789052c3fd3f66c5705015fbbca3d9692.exe"
    (process tree level 1)
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\AdobeCW\xbodsys.exe
      C:\AdobeCW\xbodsys.exe
      (process tree level 2)
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2216

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1
  • Privilege Escalation
    • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1
  • Defense Evasion
    • Modify Registry (T1112): 1

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 199B
    MD5: c1436b557be33941c49ab55b76053e12
    SHA1: 4eb87d5bb445ebf405ff62c1fe60e8f8a5525cb3
    SHA256: 63795fe415d23158090e8665e27180156cf59c8d0cc8152ff964e7ce4fe4937e
    SHA512: 9d61c51ec33dfd0fddc726380bda3aa82ce9bb0f37d6f09e78074d5923c9b0fc9af19313741ed0eb424ed270176119585ec8a364e2f3524ecfa20bf7c153a76d

  • C:\VidFN\optixec.exe
    Filesize: 4.1MB
    MD5: 0cc69eebc55a5dfc002a67072bd71127
    SHA1: 43ebeae90dd9e29d78cd041cd50aa9171927ca70
    SHA256: 9eacc201a418c6c35f965b7ebd9a0ede7f8f78d05d681e0cebb854a0d2c95f14
    SHA512: 31d6e2a9425c7918d96099ebe1bf7242ed7b4abfa88c518504807914d36911257fbe79920de546c6531b3b9c60a073e536d17e88c720220124ff87edd2850fa7

  • \AdobeCW\xbodsys.exe
    Filesize: 4.1MB
    MD5: 6ed12f6d8de9567e72da19e3aaeccaed
    SHA1: 2fa14a17e2444dc12517fdc0e1922010fa654df6
    SHA256: 0226ae93b34b85a929fcc11dbd8c3460c4bf25e2d447e15becc587eb1c72d595
    SHA512: 0ec6a1c746e99e1807bb5c1dbe6663e7293118247ee56f93cfa85e798707d3737c7d5703dcc3219f781621fa6e57f794bcbfe69dad620ee6bae1daca02f56ef3