fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
Size

2.7MB
MD5

8e5027e9f752201299b79b654e2c29ab
SHA1

99802ac78e3c388e599c8350ccdc83d54850601b
SHA256

fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a
SHA512

c01f52586b21d9c3c136f320e3b5310cfb878f1547a4f1c4155085c6be3b17013f19d309a349d6e949799b4bfe6dccb1522fadb0f78602c2182d4a9aafbb9fee
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBq9w4Sx:+R0pI/IQlUoMPdmpSpY4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2076	abodec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\AdobeE0\\abodec.exe"	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidKG\\bodxsys.exe"	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
2076	abodec.exe
2076	abodec.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 2076	3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe	91
PID 3456 wrote to memory of 2076	3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe	91
PID 3456 wrote to memory of 2076	3456	fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe	91

C:\Users\Admin\AppData\Local\Temp\fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe
"C:\Users\Admin\AppData\Local\Temp\fdeb922481b5b954f2937cabbcd48b6ccc634ed720788bfb7b341bb7e2f41d1a.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3456
- C:\AdobeE0\abodec.exe
  C:\AdobeE0\abodec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\AdobeE0\abodec.exe

Filesize
2.7MB

MD5
bccfea140ef0b0c671084153565a7bfb

SHA1
170e2aae95aa95a516ed530bd6226d521d5e87fc

SHA256
b4666dc0ee9b806cca681a662d2df495bc26af4772f58f2bed10ac111cf0f4d5

SHA512
3d204d3155d23b14ea99e4b740305bf54ef0a095197be06255367fbfcfd10fc6c2f00ec9b1629afe3e2a256a9673835244113b6194747af33d0e7a6407813562

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
200B

MD5
b54706369c8bb086200349e686868363

SHA1
975b9dbaeb330876ee93e232e3e97943419c8ec5

SHA256
1d7c0997a9eaf7d55c9f70272c1a12fad29d2df82b35d56d95f7521d8d47356f

SHA512
3b0c255e3f0a4f387df5fd9028177a2a227ecf81d28f5219aa6544a60904c7e88c9398de09722868e7f55cdb56df90907c433f4e2af6bde03d07a4e1ee3e62cb

Download Submit
C:\VidKG\bodxsys.exe

Filesize
2.7MB

MD5
927eb2c91a3d635f1c05fe47a401dd25

SHA1
cfb18e3b8958311d3d99a1217730aa1d5237799f

SHA256
c454c522f1d2ab0f72348e98292868c4c6d52606c5a112009be9eab794dc0d15

SHA512
997bab4bce45af5f27228664b0cb7a5b653c5b429c8a387460bc3392095a580fee48018515be2c8cde3334484545713dab65595c620453aae213f172ea24d4fa

Download Submit