Overview

overview

7

Static

static

3

2846487118...2a.exe

windows7-x64

7

2846487118...2a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 19:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2846487118e6d529062049e8d73daed5c1650249661faf4d2b4bf9fce3c23d2a.exe

  • Size

    2.6MB

  • MD5

    411a3af6ac95d7f3f0308f29bb40fffd

  • SHA1

    bd87d2b0d738afe5ac4af9d5b17d58a73446f7a4

  • SHA256

    2846487118e6d529062049e8d73daed5c1650249661faf4d2b4bf9fce3c23d2a

  • SHA512

    fb95f50b3188d87b1ee87073e4c3cf976dbe43fce311d4976be2055f813a85c53cb7a695bf36bcd49a5d4b1d3168055713c34780d406b05d6c9802216dd7c088

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBeB/bS:sxX7QnxrloE5dpUpVb

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2846487118e6d529062049e8d73daed5c1650249661faf4d2b4bf9fce3c23d2a.exe
    "C:\Users\Admin\AppData\Local\Temp\2846487118e6d529062049e8d73daed5c1650249661faf4d2b4bf9fce3c23d2a.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecabod.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecabod.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3252
    • C:\IntelprocKY\adobloc.exe
      C:\IntelprocKY\adobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:372
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3452,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=1300 /prefetch:8
    1⤵
      PID:3704

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\IntelprocKY\adobloc.exe
      Filesize

      2.6MB

      MD5

      5c583e8ad9d7feb69a53d5f2e96acebd

      SHA1

      326c23f66e999034c61d59ffc831aad2cb3c1a6c

      SHA256

      40deffd73a533fae2d5d7b8d313d89bf6a0035c65f4caa9df5699728def84def

      SHA512

      33ff2bdef0d4bcad3a9ff2e178f1e43d74b5ffe27264397865c2d4d2f29e7008b395442d2ba7fdf69c635c3171c2be279c997136b9c9e31d8db08ed23f4da83d

      Download Submit

    • C:\LabZSA\boddevloc.exe
      Filesize

      2.6MB

      MD5

      6f4cab2a76a2d7242511fe772d2129de

      SHA1

      672c7819eb737b4aab80e95a0c0ba25e0275f224

      SHA256

      c8ae4193a4f0ea7f024bdc38f535d8dc5051bf8a67693f1975ef6965083a40fa

      SHA512

      b0337f365cf74068ed3544d090fe025ec086d610ac7337953384d8cc0e927989340cc7743ed07b1cc51786267e2020ecf3c153ea670c73aa98ed61bd1dbcf3d0

      Download Submit

    • C:\LabZSA\boddevloc.exe
      Filesize

      2.6MB

      MD5

      c5894d0295fa9b5a9b0c49d3216b02c6

      SHA1

      b33c065b8e0b4ff990557fa993a0c2102c4e5dec

      SHA256

      897c6d4c5dc7cbf8ade89c8832a371ebe289c30f4618b227096e8838d77420c6

      SHA512

      a4ebe90baa31fa5a36a4412a95ec02d4d37ccd738d6d48b45989659a8d3db84603cab55d92e26b39aa53f9c643ded861020de34d63d23384422d22a4e5dd2a38

      Download Submit

    • C:\Users\Admin\253086396416_10.0_Admin.ini
      Filesize

      205B

      MD5

      77a7594500f32e56117ef1d7d19f0431

      SHA1

      d1f0d98a483968f9ad24910395ed0ae579f7fe1d

      SHA256

      15c0a1c3766e961672ab0fd163461c1e2ff2930a5f063622e979dcc97b5c4bf2

      SHA512

      3b441510ed584f76ea6002535e54f77a60badae69e7b8f3ee4ddcbca44151430e5cf1ea543f477dd7d5ec13d73e9788c27ec8dfa58408e782d1f7f4282826743

      Download Submit

    • C:\Users\Admin\253086396416_10.0_Admin.ini
      Filesize

      173B

      MD5

      1941f34944d6a0c9878e5b6e96e43c17

      SHA1

      4db2010326a8a0229edddfefa5054349025a9042

      SHA256

      383f25d2ac746606a684f5f8062674d826935dcb3ea30b0f6795d7c10701c66b

      SHA512

      809d04812f87ac389c28885a03e384d6a4c1e072050222070f60ef216d829e1d9221f904ccb97aa4f5a4263333459853050d8e21e0394994a8661b0fb4a4b213

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecabod.exe
      Filesize

      2.6MB

      MD5

      00b14c1135013394caddff53e355d934

      SHA1

      042da24292ca99987d53965d2b3aa0392b32af84

      SHA256

      cc02d58402e04d3ef934dd4f4283f7aa4ddc906658f644f9792b726ab165ef65

      SHA512

      da950c4b4542c3d72b9456b12392eea993c854efd3b2a539968be38ee28b4eb0babaa70e7256dd5c70ae1b964821ee786220cbd41ffa12c5fc907a2988c0663d

      Download Submit