Overview

overview

7

Static

static

3

34cd8e5f4b...15.exe

windows7-x64

7

34cd8e5f4b...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-07-2024 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34cd8e5f4b0383d628094815a2844cce0ab01811a9d1d775603899c62c92d315.exe

  • Size

    4.1MB

  • MD5

    bc17c58c6bbc66388a0e92cd6729c4b6

  • SHA1

    bece640ff522a70203c31b97bbc4e34d50148296

  • SHA256

    34cd8e5f4b0383d628094815a2844cce0ab01811a9d1d775603899c62c92d315

  • SHA512

    8f02352dadc36f49ed3b49e30b2b704625405cf08155aba40dd08ea89605f71df57c083253c521bab6fcf29db1b87b808a2363c75208e30d5d59332032340131

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpc4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmb5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34cd8e5f4b0383d628094815a2844cce0ab01811a9d1d775603899c62c92d315.exe
    "C:\Users\Admin\AppData\Local\Temp\34cd8e5f4b0383d628094815a2844cce0ab01811a9d1d775603899c62c92d315.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Adobe80\adobec.exe
      C:\Adobe80\adobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Adobe80\adobec.exe
    Filesize

    4.1MB

    MD5

    b5c2a77270a60585e4b6731517f335f6

    SHA1

    fd8c157088bae4985f100848974aaf2beba39844

    SHA256

    0fb8b830ee7850f78ee702f879354351823e6789419490323ba875c9c8ffd692

    SHA512

    ec88a161e61bf949f50f851f96901a0913b35132a916d7a416a7b7cce564b068a5c3fb150548bb3eb091333916d369932753249dabca61782f19c506212d6627

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    198B

    MD5

    995cba15bb83d2f9f2cdaa3880468c75

    SHA1

    e243445da2612d587d88bfddb7bb8c4b15a40029

    SHA256

    1bdd5ccf90b76b8230bae6bfd780ea3a1c505d34996de891066801d3315cc034

    SHA512

    d48a9d475ea4ae86c9116607e0119944976d560fcb0133cdb81a502aff2f615db79c1b93105bb97fbab91e558de7f2319767f6e24d61c431b58ea7714484ea48

    Download Submit

  • C:\VidL7\bodxloc.exe
    Filesize

    349KB

    MD5

    87b1ef4f67b3122bbee3783956411f4e

    SHA1

    87707d181a4afa9c0d87172a600c9bd0ae696b56

    SHA256

    6529477d2013023595c3b12a08de07d45a662d648121b70c7e4190c8615f804a

    SHA512

    01bb6df4d6c120fa1038209c4ccd8eb5506bc66eaeec95975a26425362533acb60f3a6d1406cfe19cd583cb6836ab0e7193acbd88581372597e0d66553e5abb2

    Download Submit