fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 05:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
Size

4.1MB
MD5

cb49a7fff11e1300e51a7975b0b6c34b
SHA1

4f11628a97d4db9a324b0b4f2dd3ddf3fe1750a1
SHA256

fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0
SHA512

281301eb91aecaa2ff0d68f0c96992660a3c4346d3a999e30373dbfa762f80b4d12c27c6f4651296207b41d1515d979f3cd474689183f81723d8dd6853b1cb02
SSDEEP

98304:+R0pI/IQlUoMPdmpSpb4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmk5n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1740	adobsys.exe

Loads dropped DLL 1 IoCs

pid	Process
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotJ8\\adobsys.exe"	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintOA\\dobdevec.exe"	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
1740	adobsys.exe
2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1740	2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe	28
PID 2204 wrote to memory of 1740	2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe	28
PID 2204 wrote to memory of 1740	2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe	28
PID 2204 wrote to memory of 1740	2204	fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe	28

C:\Users\Admin\AppData\Local\Temp\fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe
"C:\Users\Admin\AppData\Local\Temp\fd3d7b4c42d88167b7212cfe44d72396b2397b55102a6d76b34725f1405e1fa0.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2204
- C:\UserDotJ8\adobsys.exe
  C:\UserDotJ8\adobsys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MintOA\dobdevec.exe

Filesize
11KB

MD5
5d25a75e84b26d76b2cec61b97e23227

SHA1
6c6af98dcd635a62882a58a40485809bda24309f

SHA256
550f0a461bae1296c5175714de3255a08b17cb46f2b59039789178049134b83b

SHA512
c8bde8aff5f158763eaae68b41176c6430d76b6a0f638b520cfba25ed085c109bf71a51f1c94a5002ec4836359abc4a639e23994d968bbf41d5d64f122eef88e

Download Submit
C:\MintOA\dobdevec.exe

Filesize
4.1MB

MD5
513c22e06cc3e98b7da00ec1025e659d

SHA1
6f55474910d2302b8ebfb67b585058c9a660f793

SHA256
370cc65e6a9e2b551c5793820e0cb810a5b29c71aaa9a4bd4d770a2739489bcf

SHA512
396718ac14b97527aab05ff566f371fe3af3391dee98c8bdf274493a7e1b9732fd5b945f6b2942cd7bb8788baf955342b7f1c78d255a7d9dce404b538bbc8b16

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
205B

MD5
fb2e814d8e23530b58ae2fe355b070d3

SHA1
3ea920321939ff5b3507adca71bc914129c97223

SHA256
b922c8113e296bb503173c34ffff1f797fdb93a3122260f149c1f8fa2ef5fde2

SHA512
9f65b115cc9bc9565d8d1308da25fa497bf0e726a1f732b4612fc7d67670289e37863c04081722bb9383556936e97760dc0e46efbdaa1bd85759d5efe38abdef

Download Submit
\UserDotJ8\adobsys.exe

Filesize
4.1MB

MD5
bb4e47491c79af2ba5fa9e0a0cc4fd51

SHA1
a2c0aa7f71b357f810aee3c7270d66acdff2eadf

SHA256
2b98dbf215906d0809d856993abb37ec8e68aa286cbff29aa511bdb44fa6c808

SHA512
1083306c86abe503762ac64a39ca675c393b3cca54db9be1af9d430c726e24da09c92b5fdfbf19464a7f58920c6fe7cec1f8354f00fac0c15fd573143605b43f

Download Submit