60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0

Analysis

max time kernel
149s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
Size

2.7MB
MD5

e5f688c2d102219906f56c61e38837b5
SHA1

c30d654f6664510ea82bfce9004395882bf7d44f
SHA256

60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0
SHA512

a5d6e57be0ea0dd7c8ee4a6a55c58c7c79971a1fc63c2baf9e58767891458c8f1e39e7b44b7a4cf1121f868e253785f685f8b423c728469fb9249cc5de72da56
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSp44

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4520	adobec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\AdobeI2\\adobec.exe"	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidXD\\optiaec.exe"	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
4520	adobec.exe
4520	adobec.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 4520	3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe	84
PID 3432 wrote to memory of 4520	3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe	84
PID 3432 wrote to memory of 4520	3432	60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe	84

C:\Users\Admin\AppData\Local\Temp\60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe
"C:\Users\Admin\AppData\Local\Temp\60347fa606c3332df2009d10c5858940baf1095bd233ac08c5e38c05de995ff0.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3432
- C:\AdobeI2\adobec.exe
  C:\AdobeI2\adobec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\AdobeI2\adobec.exe

Filesize
2.7MB

MD5
7e673b677160641779f8545eef1eeb75

SHA1
9cfba602456c1d3a53826b75bf12a700ccad1b4a

SHA256
97116721ea7afc7152e77fb259f3f8c6128d5c337e4b0d7f3af1909e1637e7ec

SHA512
9c1ad514ddf33bc6c89554531450e7affa754b35065bc4314ee4d3e4b570d0cbb8e5c963862edc55921e0b06693607b9e46cf568aa38d949f910d0ec28b70914

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
199B

MD5
34f73e0516f09fd996751f3afbb989bc

SHA1
506f944e6a6c79c57f6cf304c4ec74cae2f268b6

SHA256
728f19657c0536f78a521e090cf3056ab40e6c2ecf056ca516ec9f425188c187

SHA512
4565cfdacaded9b69bc63f36ca4d15091d4e463685adf634f15b464bdbba5b260d9ea236f183a2569f6eb82e73e11dfa8a03467ab0207de05b72d0a326a61e38

Download Submit
C:\VidXD\optiaec.exe

Filesize
1.1MB

MD5
4427778fc93fc48fa79c92296a789d14

SHA1
0fd7d31f1f4e4ea1284d8f7136af57babe861aba

SHA256
6656a5eb81046d484b986286e06a795de63606e2ff953663c6a47958a8c75438

SHA512
07107aa2d34cd483fe671f7a469a08dec1900fd720ee74ce58488a74386626c416c0f06bea598d37aa085d0a11018601dc6bd859f0773256077247e263756edc

Download Submit
C:\VidXD\optiaec.exe

Filesize
2.7MB

MD5
c1970ae962431cc6663c05096deba07b

SHA1
e5054ca06ca6ea793677500396e6a1a6fce20c3e

SHA256
fb9da08ea92cb6e378c1a0972c32e83e26a2ec70a7336c76cda34f7c1f69ade9

SHA512
d914bbcfa1bd94b0db6e9084c0cffe29cbe1c274a5518b77746ab6045ee9f927dd9faf38be55d3400379efb9573130654ced70c2f7e2369a09a95fc0ff14d87c

Download Submit