Overview

overview

7

Static

static

3

cd84aa8f6e...cd.exe

windows7-x64

7

cd84aa8f6e...cd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd84aa8f6ee91fb61d9d828e686a5a65de1372d7835b49ad3b82850078a30dcd.exe

  • Size

    2.7MB

  • MD5

    aa0e2ede9a8b015f2b2e90be43ab3fad

  • SHA1

    04e4775e1d02a046dddc8d947c1e8c05b7a2f718

  • SHA256

    cd84aa8f6ee91fb61d9d828e686a5a65de1372d7835b49ad3b82850078a30dcd

  • SHA512

    8fa8a896dc14b96884dc2be8a67b8f908fdb8bc1d2f851305cc1f4ca436b79323e08cbb11030365e822cd4ae2ba41f4749a0beaf3a31c6bb8b760bc1b31d3e0a

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpX4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd84aa8f6ee91fb61d9d828e686a5a65de1372d7835b49ad3b82850078a30dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\cd84aa8f6ee91fb61d9d828e686a5a65de1372d7835b49ad3b82850078a30dcd.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\IntelprocG8\adobec.exe
      C:\IntelprocG8\adobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2120

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBEJ\bodaec.exe
    Filesize

    2.7MB

    MD5

    0486085bcdb413b6b85d9eb21bdb462d

    SHA1

    cc11ae3122ef7b6f0278eec1d6e998aaf88a3414

    SHA256

    7cf5c8cdb6093a1975c11ee2cea4f6556fe5ec88e9392f89815563689653a2e1

    SHA512

    8e21d323fbf22b1341ebd6c24fc11a52d2c0238620f6e6ce786f1abdefc499927d02c33c3e143da6b27f696f43446fad635ff8011a5f2734f710b0d1dc2c6e22

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    36cf1d718a377713c290b2c10936e86d

    SHA1

    85d69cbe11ad59be04da679390d466dda0940f45

    SHA256

    82a41d5fd0b4db72c02d0a854b3f6f5908803623ed59fb0b531e4a5351a55858

    SHA512

    c426d6850100134daa839f10dedf930c9730da82a74e490324a272ee01a671dc51a5a4b5aa668ad13c0485b0c2aac124ee5d9e820b1a1a8cc0a5bf4cb426c0f6

    Download Submit
  • \IntelprocG8\adobec.exe
    Filesize

    2.7MB

    MD5

    310e55f832d999951bc578b6add8a106

    SHA1

    5a29662f9285dca4d7d1ef8832c1ff5387981b98

    SHA256

    24346be9a24532eeb151f8592531fa953db8357842aeb8958ec784d69b587a30

    SHA512

    c8205902ae2990c6bed2595593a295cd410af71a31f43973f29d0c34c236a785f1866f423efac8b7b91bc21160351766a038d413c75488ae52a32b0995efaa07

    Download Submit