Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-05-2024 19:55

General

  • Target

    25d3e86e7dc49fafc334d304b429122ad10ab0546262b61673a5fc9b66f46054.exe

  • Size

    4.1MB

  • MD5

    2e956caa3fbfb06667179e69a70f2aa8

  • SHA1

    7127e99ffde554009f53d82628f40ef0c5e3aee6

  • SHA256

    25d3e86e7dc49fafc334d304b429122ad10ab0546262b61673a5fc9b66f46054

  • SHA512

    521a9947b261de2dff933fc53bbc13cd410650ce9fd6110fe49b4979103f1b6b2e3c9aab12eeaf16b13fffa1232ed6e0bc851c254551799f216f6e816a3c3cec

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpa4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmZ5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25d3e86e7dc49fafc334d304b429122ad10ab0546262b61673a5fc9b66f46054.exe
    "C:\Users\Admin\AppData\Local\Temp\25d3e86e7dc49fafc334d304b429122ad10ab0546262b61673a5fc9b66f46054.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\AdobeNR\abodsys.exe
      C:\AdobeNR\abodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1656
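The process tree above is the most useful part of this report for writing a detection: an executable run from the user's AppData\Local\Temp directory (PID 1900) drops and starts a second 4.1MB executable from a freshly created top-level directory, C:\AdobeNR\abodsys.exe (PID 1656), and sets a Run key for persistence. The following is an added example, not part of the sandbox report, that encodes those three observations as checks over Sysmon-style process-creation and registry events. The events are constructed to mirror the tree shown above; the Run-key value pointing at abodsys.exe is an assumption, because the report only states that a Run key was added and does not show its name or data.

```python
"""Triage checks modeled on this report's process tree and signatures.

Added example, not part of the sandbox report. The events are constructed
to mirror the tree above (PID 1900 in %TEMP% spawning C:\\AdobeNR\\abodsys.exe
as PID 1656). The Run-key value is an assumption: the report says a Run key
was added but does not show its contents.
"""
import ntpath
import re

# Top-level directories under which an executable normally lives on a
# Windows 7 x64 host. Anything else (C:\AdobeNR, C:\MintHB, ...) is suspect.
EXPECTED_ROOTS = ("windows", "program files", "program files (x86)",
                  "users", "programdata")

RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\25d3e86e7dc49fafc334d304b429122ad10ab0546262b61673a5fc9b66f46054.exe"

# Constructed process-creation events (Sysmon Event ID 1 style fields).
PROCESS_EVENTS = [
    {"pid": 1900, "ppid": 1234, "image": SAMPLE,
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 1656, "ppid": 1900, "image": r"C:\AdobeNR\abodsys.exe",
     "parent_image": SAMPLE},
]

# Constructed registry event (Sysmon Event ID 13 style). The value name and
# data are assumed; the report does not show them.
REGISTRY_EVENTS = [
    {"pid": 1900,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\abodsys",
     "value": r"C:\AdobeNR\abodsys.exe"},
]


def top_level_dir(path):
    """Lower-cased first directory component of a Windows path ('' if none)."""
    _drive, rest = ntpath.splitdrive(path)
    parts = [p for p in rest.split("\\") if p]
    return parts[0].lower() if len(parts) > 1 else ""


def in_expected_root(path):
    return top_level_dir(path) in EXPECTED_ROOTS


def is_temp_path(path):
    return "\\appdata\\local\\temp\\" in path.lower()


def command_path(cmdline):
    """Executable path from a Run-key value, quoted ('"C:\\a b\\x.exe" /s') or not."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmdline)
    return (m.group(1) or m.group(2)) if m else ""


def check_process_events(events):
    """Flag execution from a non-standard root and Temp parents spawning elsewhere."""
    alerts = []
    for ev in events:
        img = ev["image"]
        if not in_expected_root(img):
            alerts.append(("exec_from_nonstandard_root", ev["pid"], img))
        if is_temp_path(ev["parent_image"]) and not is_temp_path(img):
            alerts.append(("temp_parent_spawned_child", ev["pid"], img))
    return alerts


def check_registry_events(events):
    """Flag Run-key values whose target lives outside the expected roots."""
    run_keys = {k.lower() for k in RUN_KEYS}
    alerts = []
    for ev in events:
        parent_key = ev["key"].rsplit("\\", 1)[0]
        if parent_key.lower() in run_keys:
            target = command_path(ev["value"])
            if not in_expected_root(target):
                alerts.append(("run_key_nonstandard_target", ev["pid"], ev["key"], target))
    return alerts


if __name__ == "__main__":
    for alert in check_process_events(PROCESS_EVENTS) + check_registry_events(REGISTRY_EVENTS):
        print(alert)
```

On this report's tree the checks fire for PID 1656 only (execution from C:\AdobeNR and a Temp-resident parent), plus the assumed Run-key entry; PID 1900 itself is under C:\Users and spawned by explorer.exe, so it is silent, which is the point: the dropper is recognised by what it writes and launches, not by its own path.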

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\MintHB\optialoc.exe

    Filesize

    4.1MB

    MD5

    d45afec177f55b934bf41f81c346a5c9

    SHA1

    80c8e80807807e018a066f3f4b0f9b773a90065e

    SHA256

    550dfd339a5fb9759166f3aec0d52ae2c5601eef1c597aa9af1b152fca84b469

    SHA512

    d674199fbcb9846981e5f52525e2a2abbbf446291f360962e1df31706c50e2a455e434038efb35c0bedeb4015e4aedf684ca67bbb95711bfe29f1203da140c11

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    203B

    MD5

    7aaacd0b2640b8f982e8b9c741d78b73

    SHA1

    c314fdf6f0c87086d316eb9e84272a362573cf64

    SHA256

    3036fef57825b70232c83a5ff86ff35985a102dad43370f19ac33255d9411ca4

    SHA512

    2c0cbbd7e901fc445236a76ab37392627711f1401fed776cedcbcc576672608164b9fdbadc8db3d35d4e7c90142ba603bbc2b238bd11b4749042680ec111d9da

  • \AdobeNR\abodsys.exe

    Filesize

    4.1MB

    MD5

    928ce4f41eeb8f5790c4295d23bbac84

    SHA1

    8dc2cf5d5824b1b4b14a03cc17cb2edbff335afb

    SHA256

    1c9991429e51f79399dd92856e2887004f26a745730a360efdc1e9376eeb8432

    SHA512

    36608f620f81c5fdc3b78cf683610f02a4137c8d4bf46205dbac4860910ae8f7a2c8ca7bb2686cc053259bb5b5b7b0da8b95ba3f6f0a21600bd53e9b65922c49
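The digests above are what an analyst takes away from this page to sweep other hosts. The following is an added example, not part of the sandbox report, that turns the sample's hashes and the three dropped files into a small IoC table and matches files against it. The md5, sha1 and sha256 values are copied from this page; sha512 and ssdeep are omitted (ssdeep matching needs a third-party library), and the scan helper and its chunk size are this example's own choices.

```python
"""Hash-based IoC matching for the files listed in this report.

Added example, not part of the sandbox report. IOCS holds the md5/sha1/sha256
digests copied from this page; everything else (helper names, chunk size) is
this example's own.
"""
import hashlib
import os

ALGOS = ("md5", "sha1", "sha256")

IOCS = [
    {"name": "25d3e86e7dc49fafc334d304b429122ad10ab0546262b61673a5fc9b66f46054.exe",
     "md5": "2e956caa3fbfb06667179e69a70f2aa8",
     "sha1": "7127e99ffde554009f53d82628f40ef0c5e3aee6",
     "sha256": "25d3e86e7dc49fafc334d304b429122ad10ab0546262b61673a5fc9b66f46054"},
    {"name": r"C:\MintHB\optialoc.exe",
     "md5": "d45afec177f55b934bf41f81c346a5c9",
     "sha1": "80c8e80807807e018a066f3f4b0f9b773a90065e",
     "sha256": "550dfd339a5fb9759166f3aec0d52ae2c5601eef1c597aa9af1b152fca84b469"},
    {"name": r"C:\Users\Admin\253086396416_6.1_Admin.ini",
     "md5": "7aaacd0b2640b8f982e8b9c741d78b73",
     "sha1": "c314fdf6f0c87086d316eb9e84272a362573cf64",
     "sha256": "3036fef57825b70232c83a5ff86ff35985a102dad43370f19ac33255d9411ca4"},
    {"name": r"\AdobeNR\abodsys.exe",
     "md5": "928ce4f41eeb8f5790c4295d23bbac84",
     "sha1": "8dc2cf5d5824b1b4b14a03cc17cb2edbff335afb",
     "sha256": "1c9991429e51f79399dd92856e2887004f26a745730a360efdc1e9376eeb8432"},
]


def hash_bytes(data):
    """All configured digests of an in-memory blob."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path, chunk=1 << 20):
    """All configured digests of a file, read in chunks so 4MB+ samples are cheap."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def match_iocs(hashes, iocs=IOCS):
    """Map IoC name -> algorithms whose recorded digest equals a computed one.

    Comparison is case-insensitive because report and tooling output differ
    in hex case; an empty dict means no hit.
    """
    found = {}
    for ioc in iocs:
        for algo, digest in hashes.items():
            if ioc.get(algo, "").lower() == digest.lower():
                found.setdefault(ioc["name"], []).append(algo)
    return found


def scan_tree(root, iocs=IOCS):
    """Walk a directory tree and return [(path, matches)] for files hitting the table."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = match_iocs(hash_file(path), iocs)
            except OSError:
                continue  # unreadable or vanished file; keep scanning
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    import sys
    for path, matched in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, matched)
```

Note the caveat this page itself illustrates: the sample and the two dropped executables are all 4.1MB yet carry different digests, so exact-hash matching covers only these specific copies. The ssdeep value listed for the sample is what fuzzy matching across further drops would use.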