Analysis Overview
SHA256
a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b
Threat Level: Shows suspicious behavior
The file a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 02:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 02:10
Reported
2024-06-14 02:13
Platform
win7-20240611-en
Max time kernel
150s
Max time network
125s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\UserDotI1\adobsys.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotI1\\adobsys.exe" | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVB7H\\dobxsys.exe" | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1704 wrote to memory of 2208 | N/A | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | C:\UserDotI1\adobsys.exe |
| PID 1704 wrote to memory of 2208 | N/A | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | C:\UserDotI1\adobsys.exe |
| PID 1704 wrote to memory of 2208 | N/A | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | C:\UserDotI1\adobsys.exe |
| PID 1704 wrote to memory of 2208 | N/A | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | C:\UserDotI1\adobsys.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe
"C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe"
C:\UserDotI1\adobsys.exe
C:\UserDotI1\adobsys.exe
Network
Files
\UserDotI1\adobsys.exe
| Hash | Value |
|---|---|
| MD5 | 5f1c72a1603362fc2e3228d0a9cfea67 |
| SHA1 | 8e2c79542c96c58c8bcf456bd87b8363109a09a0 |
| SHA256 | a485fc34ced2a3c9acf2e520bfcc6a13dedc425b6f9534298e49cd61fb4f08b6 |
| SHA512 | 4633c0a12cc48ba33576fb634cf01f822132d4f89e1048b86885cda28ae9dc664443320f2afb40e4d17fffd5d0409457242bbd940e6dfcd821da434c577cfef8 |
C:\Users\Admin\253086396416_6.1_Admin.ini
| Hash | Value |
|---|---|
| MD5 | 9974dd3e0bef085449064bab379cb674 |
| SHA1 | f9ce8f9c020c0726c4ff4ec1c0ee35df4d6047a5 |
| SHA256 | 1f78780c06ff5961dce086a35c1f9861c16a8f6557a189a7612ecaf144431a02 |
| SHA512 | efb355e73cc25b1b28b24d83fe9d982331384613bb281e3fe6acbb0c809c35294b7660f55b41e14a1393526ae2f851f12cebcf9f434bca1772dfdd8f9fa4cc99 |
C:\KaVB7H\dobxsys.exe
| Hash | Value |
|---|---|
| MD5 | ec02e1553906bcafe9527a5d2faccf08 |
| SHA1 | bba3f83fe2b48ed714339591b128319c3384c229 |
| SHA256 | 143bf87d19a3f081ad4f58bef70f0b7016084523e127f51a4642813c48588590 |
| SHA512 | b67c92dba24c091b7a0b5a8053b07c47b85598b1660528d7f2d137379720a28e5f943ff454e943c8e6294efb5f1af2b2710f8a18f9811fbb2a7d1ae4e1ea7a59 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 02:10
Reported
2024-06-14 02:13
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\AdobeAH\xbodec.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\AdobeAH\\xbodec.exe" | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZPU\\dobdevloc.exe" | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2644 wrote to memory of 1940 | N/A | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | C:\AdobeAH\xbodec.exe |
| PID 2644 wrote to memory of 1940 | N/A | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | C:\AdobeAH\xbodec.exe |
| PID 2644 wrote to memory of 1940 | N/A | C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe | C:\AdobeAH\xbodec.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe
"C:\Users\Admin\AppData\Local\Temp\a510ec2b8a2c67dd787baf3413655582ee51cc65ecbb08ff9fd7a510b299b49b.exe"
C:\AdobeAH\xbodec.exe
C:\AdobeAH\xbodec.exe
Network
Files
C:\AdobeAH\xbodec.exe
| Hash | Value |
|---|---|
| MD5 | 97845bace820aa98d2da4f0ac7284c6d |
| SHA1 | 14b2ea90c83bc0594ff215a42e92f47d59b30e5f |
| SHA256 | d12b92aa909010bca3dd5b6b42f5195112240d3042b1fe14a8152ee3e1cb6cb3 |
| SHA512 | 26eddd08f8df15f840b7f0ab202c896b5de1dc15ef8320a02f535b1ef1c8aaff911cf3ccd0fd9ffec9d0abf3232660392c2bc261b2312d972c71768b395ed2c6 |
C:\Users\Admin\253086396416_10.0_Admin.ini
| Hash | Value |
|---|---|
| MD5 | 3e94f56da31196ab7dffd77ebb7bc4ac |
| SHA1 | 849a6454e386a24258a3b4cc87b3817f0cb6e059 |
| SHA256 | ce09fff05cde025ba678deaecf3299989297e441588ae35bf26f3abfaa8015ea |
| SHA512 | 47006cf64de49debafcd3131243d182063f667c6c0f784afa4085827a807ccf630d4c0d35de86a513189a7feac588d592d5563b14f8174e649331ceb0da63614 |
C:\LabZPU\dobdevloc.exe
| Hash | Value |
|---|---|
| MD5 | 5588ace092e6ee293c787f26464c9e69 |
| SHA1 | 9f38f3fb4a346a8d6b6712c4727abba14aee4c48 |
| SHA256 | 11179978a9d34084dd14ada8fa7edbaeb3a1ed69faaa29e6a9df38f3ed57a749 |
| SHA512 | 62fed1696c531d57d5c18972d22c8ceba55113df913e1f4b8af25261e92c53b7a2a924db8c6bca861efd28487f18870805268a566a1533fc1454f9bd7477c7b7 |