Overview

overview

7

Static

static

3

be8e8d8063...99.exe

windows7-x64

7

be8e8d8063...99.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    152s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 02:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be8e8d8063da116e9838a5493b80c0f1bfd188e8d41934c426672becc6079a99.exe

  • Size

    6.0MB

  • MD5

    6d47997c7b35a68b7b71057be8d554e2

  • SHA1

    582c56c4b300bb4cfacf93894a0d8cc0e55db221

  • SHA256

    be8e8d8063da116e9838a5493b80c0f1bfd188e8d41934c426672becc6079a99

  • SHA512

    7ea11617569d9e1c73b3d228d6f1e96e3360e9231672f161acd8710db59c9209840a3a8888399bf60db507e6b2619b29e075c185865f18ce470fa4a0afc1c0be

  • SSDEEP

    49152:w8YBR/kLYjAFjYtalkMyXh/ZMlqFxp73ooGBHI+ruP3A5GhOoT8NXadkMG1hdAKW:xIJpMqnhIHVruP3Ld81hCHC/zZWN

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 39 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\be8e8d8063da116e9838a5493b80c0f1bfd188e8d41934c426672becc6079a99.exe
    "C:\Users\Admin\AppData\Local\Temp\be8e8d8063da116e9838a5493b80c0f1bfd188e8d41934c426672becc6079a99.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:4868
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3456

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\RCXA2A2.tmp
      Filesize

      6.0MB

      MD5

      a98515b6192b81d3e2f6320b8f961b69

      SHA1

      adae61adb2dd0f3242326cf4e637860c087095f0

      SHA256

      24e32761fc23209770faa78b5cf6a0d1c59848344948ee31a272cf44c05d51e1

      SHA512

      7a1950deddb145d98cce7a81b6f887b2cbf540c833187d0e4c1ea013fa6912f8b5f0f1614eaa36ccba3026b8acb83bdb9ee1d379f8d8de927c93e15970c1c851

      Download Submit

    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt60AcroCEF.exe
      Filesize

      11.9MB

      MD5

      890d9e172677275505c3b2483723daaf

      SHA1

      a43884d534309c726cff1d9e0aa618a7edf3840b

      SHA256

      733d80355d40aa5f804caa10adf7bbb47d18cecb03dfbf50efe1a184e2c8bfcb

      SHA512

      26aee87e35484121303fae9b9f1ecde1c1a6dfb88d822a9d251f03f0506e9b08bfd0394dba74e85166d3611d5424605557c5ec4be012e77f407756cbf6f5e8d0

      Download Submit

    • C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msaddsrWindows.exe
      Filesize

      6.0MB

      MD5

      09553c1ea9e6df2b369e8cba02fca3f2

      SHA1

      1ea64d07acc0b248e6298406a6c7aa2642990b8d

      SHA256

      267b90b1b08d028ec856e03b5075c9d9b6e51eed3b93efa783a1a6374485db61

      SHA512

      17b75f83dab0c6798589e350b299c1323bb9225a54465fefeef6e4cb602da84e4efd2d451586012e959a8f53a0caae1c6209a1fb820f1b097dc8a1637a2c7737

      Download Submit

    • C:\Program Files (x86)\Internet Explorer\it-IT\ieinstalieinstal.exe
      Filesize

      6.0MB

      MD5

      6d47997c7b35a68b7b71057be8d554e2

      SHA1

      582c56c4b300bb4cfacf93894a0d8cc0e55db221

      SHA256

      be8e8d8063da116e9838a5493b80c0f1bfd188e8d41934c426672becc6079a99

      SHA512

      7ea11617569d9e1c73b3d228d6f1e96e3360e9231672f161acd8710db59c9209840a3a8888399bf60db507e6b2619b29e075c185865f18ce470fa4a0afc1c0be

      Download Submit