Overview

overview

7

Static

static

3

d467fc1822...ea.exe

windows7-x64

7

d467fc1822...ea.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 03:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d467fc1822c332b85f6187531434ea91f4b84d5fd50d25b42b3adcf1a954a5ea.exe

  • Size

    2.7MB

  • MD5

    70943ee260ee8837d0e79c43c41e060f

  • SHA1

    20de89048527f4742f1ef0605bfbcc19999a8e4b

  • SHA256

    d467fc1822c332b85f6187531434ea91f4b84d5fd50d25b42b3adcf1a954a5ea

  • SHA512

    6ead323f1b0f238cd4065915836e5207d715ea2b81ba174f9281b83230409a9c9de43e0ce39009cc7b2944cee83bb8a670191dd9214ea6df2264a3adf72adf18

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSpk4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d467fc1822c332b85f6187531434ea91f4b84d5fd50d25b42b3adcf1a954a5ea.exe
    "C:\Users\Admin\AppData\Local\Temp\d467fc1822c332b85f6187531434ea91f4b84d5fd50d25b42b3adcf1a954a5ea.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\AdobeX2\xdobsys.exe
      C:\AdobeX2\xdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\AdobeX2\xdobsys.exe
    Filesize

    2.7MB

    MD5

    5ea259509a2f04c9ca82306394681e37

    SHA1

    a86ac0e4fb732fa0a395b284d292fa87dbf67a35

    SHA256

    089fef6fa5dad1b871346bfa7b60cc82f7504aa8b65e9ab9cbb28a2acb49323c

    SHA512

    10c8b87a6dbbe90c55c07dc3ca53745fc02d4606e65fa14e13c83c9cbfefa596e0c1b40d705c5661dd794a067adf92c44adfca272e48053ac747a3bec6829f5c

    Download Submit
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    202B

    MD5

    48acc867e669ad447f09977735ee5282

    SHA1

    f8a67d415c5968e828c46caf07ab80d791904390

    SHA256

    277b3fdfa509f296e35d0f9f3a10da3b2b83350b0892da7d400658ce154ee140

    SHA512

    2fb3ddba8b1cbcf6606d0f1c6a8b418ba947004b50af4ebd30ed10b90bc4b1f7e5310a4a532782166a64ebf02f91b81d9551003c21789efc8de79a2e6e716492

    Download Submit
  • C:\VidUZ\optiasys.exe
    Filesize

    2.7MB

    MD5

    2c0c7bfc03e7fd7e449f6b23c4b51d6f

    SHA1

    cdf90fac22bd94dfcddc62605760f7ac65144781

    SHA256

    308fdf1b43110106739af409d7abdcc762d25905d88712e835d251de9c681583

    SHA512

    21bfb9e4f4a6c18ee532c3f7882340c9a644d9fb14d593308932b735649ca2f6606645049ad5bef8b55f74a5e6fd1c169344b398d0ca708a7b8fb61e698078f7

    Download Submit