6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
Size

2.7MB
MD5

93d043d6437997275025c6a24b1082d8
SHA1

26e4938c64e105944319f381d565dc13d0b15e60
SHA256

6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac
SHA512

50ffa8fb409cdb89aa89a903cb8a22c7d2188cccf03f22f7b9b41395f6b7d435e3df2fbfacdd91a3d68da425bec4ff5a91f63949f48c94e260506a21fd08070e
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBC9w4Sx:+R0pI/IQlUoMPdmpSpE4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2160	adobsys.exe

Loads dropped DLL 1 IoCs

pid	Process
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Adobe5E\\adobsys.exe"	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintLL\\dobasys.exe"	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
2160	adobsys.exe
2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2160	2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe	28
PID 2740 wrote to memory of 2160	2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe	28
PID 2740 wrote to memory of 2160	2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe	28
PID 2740 wrote to memory of 2160	2740	6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe	28

C:\Users\Admin\AppData\Local\Temp\6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe
"C:\Users\Admin\AppData\Local\Temp\6e34ed25a0cdd9a9eac6f872a8a127342c6797c7b407c18ec40f89fc62bb1aac.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Adobe5E\adobsys.exe
  C:\Adobe5E\adobsys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MintLL\dobasys.exe

Filesize
2.7MB

MD5
81a8abc9c4115a7ea9e1f99a0876c198

SHA1
86ac626e675618c4a416af1b29f29470173ef607

SHA256
e4e05d0605e5d880a4a92a9426a715da02913ec46ac077bb1a764de202c0ad5a

SHA512
254726278194a51d541ef3b942989f2f769b37dce1e92359c9d8c46705d27675eff77e7afa135581febb6a98b9632ff229401fd62c5ba030edf2cb55593a0e89

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
200B

MD5
87f2bb77522cd080b03bae729d5f3fb8

SHA1
87242da2bfe6b4a1ac43ff8206c3902b90322c11

SHA256
1c5e52e1cbfa29f8836916d2bb3919b6e391ca81e4c9ba0c11640c0577f6802a

SHA512
8e77f0c666093a51b82237b12630035d0bdc256865e6364c7ecaa5bb68ae9ce202f8152a59f3c1f9a1f8d588af824f0bad0c93bc2fe7a90362120483af087035

Download Submit
\Adobe5E\adobsys.exe

Filesize
2.7MB

MD5
69796b46aa7a90b0fa8ea321a263d8f5

SHA1
09b3a4cf2fefcac42d6f4bd7ac633d6758babce9

SHA256
9ed083826ba93deb763be04c315f6653d21898a8be19dd4c2ce2c280145fff58

SHA512
472b8fbc6bbc47495168f0cfc61aa2f430f7d7a89eed14df50abdf6d22965e9f194a9a0172d4b77fdbf65005c14304c9d15721e02ce07d146edb0be224b0a724

Download Submit