Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 18:27

General

  • Target

    09421bc6429c5804e1948ae9dc4c45b2583975164583e08f2b968106f0ef6b0e.exe

  • Size

    4.1MB

  • MD5

    9af8cd06eda45dda6af626f5e1bb4876

  • SHA1

    8041d152ebf87ac6047a43aad9740b20c10c907b

  • SHA256

    09421bc6429c5804e1948ae9dc4c45b2583975164583e08f2b968106f0ef6b0e

  • SHA512

    95e142354b99bc590453cf268d8c56c6df19fe662c3b5d272ee5e42a44678df189c2c51d9e8245762e5c85563454919f6d618aae09f8ee3b42e4c1ed9508718c

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpw4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmj5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09421bc6429c5804e1948ae9dc4c45b2583975164583e08f2b968106f0ef6b0e.exe
    "C:\Users\Admin\AppData\Local\Temp\09421bc6429c5804e1948ae9dc4c45b2583975164583e08f2b968106f0ef6b0e.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\SysDrvL9\adobloc.exe
      C:\SysDrvL9\adobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4604
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3776 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3752
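The behaviour chain above (parent writes executables to freshly created top-level directories such as C:\SysDrvL9 and C:\KaVBUQ, launches one of them, and sets a Run key) is what a detection should key on rather than the hashes, which change per build. The following is an added example, not part of the sandbox report: it correlates Sysmon-style ProcessCreate (ID 1), FileCreate (ID 11) and RegistryEvent (ID 13) records per originating PID. The events are constructed to mirror the report's process tree; the sample's parent PID, the user SID in the registry path and the Run value name are assumptions, since the report does not state them.

```python
import re
from collections import defaultdict

# Registry paths that give a binary autostart at logon (HKLM or HKU hives).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# An .exe one directory below the drive root, outside the standard Windows,
# Program Files, ProgramData and Users trees: the drop pattern in the report
# (C:\SysDrvL9\adobloc.exe, C:\KaVBUQ\dobxsys.exe).
ROOT_DROP_RE = re.compile(
    r"^[A-Z]:\\(?!Windows\\|Program Files|ProgramData\\|Users\\)[^\\]+\\[^\\]+\.exe$",
    re.I,
)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\09421bc6429c5804e1948ae9dc4c45b2583975164583e08f2b968106f0ef6b0e.exe"

# Constructed Sysmon-style events mirroring the report's process tree.
# Event IDs: 1 = ProcessCreate, 11 = FileCreate, 13 = RegistryEvent (SetValue).
# The parent PID 1234, the SID in the registry path and the value name
# "assumed_value" are placeholders, not values taken from the report.
EVENTS = [
    {"id": 1, "pid": 5080, "ppid": 1234, "image": SAMPLE},
    {"id": 11, "pid": 5080, "image": SAMPLE, "target": r"C:\SysDrvL9\adobloc.exe"},
    {"id": 11, "pid": 5080, "image": SAMPLE, "target": r"C:\KaVBUQ\dobxsys.exe"},
    {"id": 11, "pid": 5080, "image": SAMPLE, "target": r"C:\Users\Admin\253086396416_10.0_Admin.ini"},
    {"id": 13, "pid": 5080, "image": SAMPLE,
     "target": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\assumed_value"},
    {"id": 1, "pid": 4604, "ppid": 5080, "image": r"C:\SysDrvL9\adobloc.exe"},
    # Benign noise from the same run: an Edge utility process touching its own keys.
    {"id": 1, "pid": 3752, "ppid": 3700,
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"},
    {"id": 13, "pid": 3752, "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "target": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Edge\Something"},
]


def correlate(events):
    """Group drop / spawn / Run-key activity by the PID that caused it.

    Drops are attributed to the writing process; spawns of a root-level .exe
    are attributed to the parent, so both land on the same key when a process
    writes a file and then launches it.
    """
    per_pid = defaultdict(lambda: {"drops": set(), "spawns": set(), "run_keys": []})
    for e in events:
        if e["id"] == 11 and ROOT_DROP_RE.match(e["target"]):
            per_pid[e["pid"]]["drops"].add(e["target"].lower())
        elif e["id"] == 1 and ROOT_DROP_RE.match(e["image"]):
            per_pid[e["ppid"]]["spawns"].add(e["image"].lower())
        elif e["id"] == 13 and RUN_KEY_RE.search(e["target"]):
            per_pid[e["pid"]]["run_keys"].append(e["target"])
    return per_pid


def findings(events):
    """One finding per PID that executed a file it dropped to a root-level
    directory; severity rises to high when it also wrote a Run key."""
    out = []
    for pid, acts in correlate(events).items():
        executed = sorted(acts["drops"] & acts["spawns"])
        if not executed:
            continue
        out.append({
            "pid": pid,
            "executed_drops": executed,
            "dropped_not_run": sorted(acts["drops"] - acts["spawns"]),
            "run_keys": acts["run_keys"],
            "severity": "high" if acts["run_keys"] else "medium",
        })
    return out


if __name__ == "__main__":
    for f in findings(EVENTS):
        print(f)
```

Run against the constructed events, the sample's PID 5080 is the only finding: adobloc.exe is reported as dropped and executed, dobxsys.exe as dropped but not launched within the trace, and the Run key raises severity to high; the Edge process produces nothing. On real Sysmon data, feed the same three event types in time order and keep the lower-casing of paths, since Windows path matching is case-insensitive.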

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\KaVBUQ\dobxsys.exe

      Filesize

      4.1MB

      MD5

      df4bf3eebb9fd7521cd115f6e818df71

      SHA1

      0a14fcc11d5715e8c4715fcba9675ed2a0958701

      SHA256

      4597dd996212ba3e89e44c2d403cb7952927407280ac5c20a1a30a69b45ab56a

      SHA512

      aa965d669aa51dc4836cde2f71fb1ca2573c5fc7a68fcefd354f76d5634a261708c746db126120aa25ce6d91d7d0bebe19c3e9a675773da6a037a287499fe624

    • C:\SysDrvL9\adobloc.exe

      Filesize

      4.1MB

      MD5

      635afbe2de581c7339a25a6cf21b6a6e

      SHA1

      ba7fcc8b9a6512a9f2a2418e509d2e6ebba0e7e7

      SHA256

      d330cf75b69ae857fe5018fea254e66b6da9b778382f8f4878f1a4ef57be753e

      SHA512

      c23faa15aadb3241987a0012d06da27b8fffd332f8062f0db715a71197085de2e2e291888818c75613aa2ba80377663334833b6b92a3ff04d0752cd933f81050

    • C:\Users\Admin\253086396416_10.0_Admin.ini

      Filesize

      201B

      MD5

      d15b86fa4a65f5a73bbb1985df042be3

      SHA1

      306b20014f182f12a1924adbd7b1c46e0b8cec19

      SHA256

      0501e90008ad56759efc75890869233dc5f857810d53974ff6c0c7cf3b5bbd4b

      SHA512

      3a8e8a31b5f9cf868dcb81e2a66bd122990245903bf4a1676daa12e48a14f6fcd4f140f7cca95333c4120cf0e3ec96bfa6a5615800cab457bda83922ca9bba93