Overview

overview

7

Static

static

3

2f6ee05e70...bc.exe

windows7-x64

7

2f6ee05e70...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-06-2024 18:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f6ee05e70af1b9d6af78d2385ad461c64cf98b995fc1b50b7d448ab4b95b5bc.exe

  • Size

    2.7MB

  • MD5

    32ec9dc8f0907845adef528ebbf1b016

  • SHA1

    3657a6df7fda6b556a28ef8fe70c33c39be2863c

  • SHA256

    2f6ee05e70af1b9d6af78d2385ad461c64cf98b995fc1b50b7d448ab4b95b5bc

  • SHA512

    b0d06f262e5144d74667cd19d7c93959a9a382d27211c2c355e3f8e6c0ca5d07ed0acbf621da150d46e178c3a1adee5695d6097b62b525c4de4ba3af7ff47e98

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBy9w4Sx:+R0pI/IQlUoMPdmpSpk4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f6ee05e70af1b9d6af78d2385ad461c64cf98b995fc1b50b7d448ab4b95b5bc.exe
    "C:\Users\Admin\AppData\Local\Temp\2f6ee05e70af1b9d6af78d2385ad461c64cf98b995fc1b50b7d448ab4b95b5bc.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\IntelprocUL\adobloc.exe
      C:\IntelprocUL\adobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:792

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Mint0F\optidevloc.exe
    Filesize

    2.7MB

    MD5

    3212b1cdeabcab2bc857ed919501daf0

    SHA1

    676dd86fd1e1b33b6d685f74dddb6e395a0f5fd9

    SHA256

    314b199e6712181f5641e25bb002fc93156211c6846124d46f285cacb33b4a24

    SHA512

    1293e27f601a68398353f6ebee5e9358a8ed5dab3fa2893228b7b50b1b873aa8214c72c85212c688a10fc684e7faf40ab8fed5e9f1e66b3e044376a6a032526d

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    207B

    MD5

    84f1c891ee1963933f263af599f275a8

    SHA1

    26fa527cf85ed99d7ce588f23557d5a0d8068abb

    SHA256

    54361c2e4a5d3e2993bdd4bff4fc03f06bbde354ef6f7cc437d0bd0f391d8749

    SHA512

    ce040370a77a8a5d15d8b3a489a59f3c090c4dcf7fdb02472a2e88de5d7b3b9138311d56e5fe10f9ecde65743bad914c847f0dcd90f302599f49cc1a309ef89a

    Download Submit
  • \IntelprocUL\adobloc.exe
    Filesize

    2.7MB

    MD5

    3ebe887d865c0dab1eee4243f3c77d3e

    SHA1

    9be8fa9688622be1d190decfc5ad7c1abb211fa4

    SHA256

    6a77659a73191f7c0eb0052629a728e69ffee72b40c072a3977f435077e94d7f

    SHA512

    8f8b7218068a744d4e9ab61d7acedeb2b236c3282b8206063dd07edfb19cc3c3cb169195311416a4c03ce2849cd2f2968d3ec71fe820b4d4729e26a82fe24eeb

    Download Submit